the created digital signature into the received content. When 
an illegal copy is found, the provider system verifies the 
digital signature, embedded in the illegal copy as a digital 
watermark, to identify the purchaser who purchased the 
content from which the illegal copy was produced. 
BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates to technology which authenticates 
the relation between digital data and an individual/ 
organization. 

2. Description of Related Art 

As the information society has evolved recently, more and 
more digital data is used instead of traditional printed matter 
as communication media. Digital data is sometimes sold as 
a valuable commodity. 

In the information society like this, some means are 
necessary to authenticate the relation between digital data 
and an individual/organization in order to prevent crimes or 
malicious actions including illegal copying, illegal 
alteration, and illegal use of digital data. For example, to 
check that digital data has been provided by an authentic 
organization, some means are necessary to authenticate the 
relation between the digital data and the authentic organi- 
zation. Similarly, to check the source of digital data or to 
check the individual or organization owning the right to 
digital data, some means are necessary to authenticate the 
relation between the digital data and an individual or an 
organization. 

Conventionally, a technique known as a digital signature 
has been used to authenticate the relation between digital 
data and an individual/organization. 

As described in "ANGO RIRON NYUMON 
(Introduction to Cryptography)", pages 133-137, Kyoritsu 
Shuppan Co., Ltd. 1993, the digital signature technique, 
developed to prove the correctness of documents, combines 
public key cipher technology with one-way functions. 

In this technology, a pair of keys, a private key S and a 
public key V which satisfy g(f(n, S), V)=n and f(g(n, V), 
S)=n, is created first, where n represents data, and f and g 
represent functions. These formulae mean that data 
encrypted with the private key S may be decrypted with 
the public key V and that, conversely, data encrypted with 
the public key V may be decrypted with the private key S. 
It should also be noted that it is virtually impossible to find 
the private key S from the public key V. 

Once the private key S and the public key V are created, 
the creator passes the public key V to a partner and holds the 
private key S privately. 

When the key creator sends data to the partner, the creator 
passes data to which a digital signature is attached. This 
digital signature is created by evaluating data with a prede- 
termined one-way function and then encrypting the resulting 
evaluation value with the private key S. 

The one-way function described above can calculate an 
evaluation value from data, but it is virtually impossible to 
calculate the original data from the evaluation value. In 
addition, it is necessary for the one-way function used in 
creating a digital signature to return a unique bit string for 
each piece of unique data; that is, the probability of the 
function returning the same bit string to two or more pieces 
of data must be very small. An example of such functions is 
a one-way hash function which evaluates data and returns a 
bit string as the evaluation value of the data. The evaluation 
value h(D) calculated by the one-way hash function is called 
the hash value of D, where h is the one-way hash function 
and D is data. 

Upon receiving data to which a digital signature is 
attached, the receiving partner evaluates the data with the 
one-way function to obtain an evaluation value and then 
checks if the evaluation value matches the value generated 
by decrypting the digital signature using the public key V. 
When they match, it is verified that the digital signature was 
created by the holder of the private key S corresponding to 
the public key V and that the digital signature is for the data 
that was received. 

The technique described in "Applied Cryptography", 
John Wiley & Sons, Inc. (1996), pp 39-41, is known as a 
technique by which a plurality of persons create digital 
signatures that are attached to one piece of data. 

When this technique is used, not all signature creators 
need to generate the hash value of data to create a digital 
signature; and instead, each of the second and subsequent 
signature creators calculates the hash value of the digital 
signature of the immediately-preceding creator to get his or 
her digital signature. That is, the first signature creator 
calculates the hash value of data and then encrypts the 
resulting hash value with his or her own private key to get 
a digital signature, as described above. The second creator 
encrypts the hash value of the first creator's digital signature 
with his or her own private key to get a digital signature. 
This is repeated for the subsequent signature creators. That 
is, the n-th creator encrypts the hash value of the (n-1)th 
creator's digital signature with his or her own private key to 
obtain a digital signature. 

In this case, the digital signatures created by n signature 
creators are verified as follows. The final digital signature is 
decrypted by the public key of the final (n-th) signature 
creator, the decrypted digital signature is then decrypted by 
the public key of the (n-1)th signature creator, and so on, 
until the digital signature of the first signature creator is 
decrypted. If the result obtained by decrypting the signature 
by the public key of the first signature creator matches the 
hash value of the original data, it is determined that the 
digital signature was created by n signature creators each 
having his or her own public key and that the digital 
signature corresponds to the data. However, when the 
sequence in which the signature creators created signatures 
is not known, this technique requires that the above process 
be repeated once for every possible ordering (permutation) 
of the signature creators. 

Also available for authenticating the relation between 
digital data and an individual/organization is a technique 
known as a digital watermark. 

As described in Nikkei Electronics (1997), No. 683, pp. 
99-107, this technique embeds management information, 
such as copyright information, into image data itself. 

The digital watermark technique has the following fea- 
tures. Embedded data is not usually seen when image data 
containing that embedded information is displayed and, in 
addition, the image data itself displayed on a screen is 
almost not affected by the embedded information. Removing 
only the embedded information is difficult and, if the embed- 
ded information is removed accurately, the picture quality of 
the image data is significantly degraded. In general, even 
when the image data is compressed, embedded information 
may be restored to some extent. 

A digital watermark technique which enables information 
to be embedded, not into image data, but into text data, 
drawing data (graphic data), and audio data has also been 
proposed. 

In Nikkei Electronics (1997), No. 683, pp. 99-107, a 
technique using such digital watermark for preventing the 
illegal copy of contents, which are composed of digital data 
such as image data, is also described. 

This technique embeds the identification of the contents 
purchaser into the contents in the form of a digital water- 
mark. When illegally copied contents are seized, the embed- 
ded information is extracted to identify the person (that is, 
the purchaser) who produced the illegal copy. 

The basic procedure for embedding purchaser's identifi- 
cation information is as follows: (1) The provider (contents 
provider) assigns a unique number to a contents purchaser. 
(2) The provider embeds the number of the contents pur- 
chaser into the contents in the form of a digital watermark. 
(3) When illegally-copied contents are found and seized, the 
provider or inspection division extracts the number from the 
contents to identify the purchaser. (4) The penalty is 
imposed on the purchaser for illegal copy or for lending the 
contents to a person who produced the illegal copy. 

Recently, a WWW (World Wide Web) system, composed 
of a WWW server program and a browser program, has 
become popular as means for providing and sending infor- 
mation to a plurality of users over an open network such as 
the Internet. As this type of WWW system has become 
widely used, it has become necessary to be able to authen- 
ticate the relation between a Web page, which contains 
digital data made available on a WWW server, and an 
individual/organization in order to prevent crimes or mali- 
cious actions from occurring through the illegal use of the 
WWW system. For example, when a Web page is guaran- 
teed by some authentic organization, it is necessary to be 
able to authenticate the relation between the Web page and 
the organization to allow the user to make sure that the Web 
page is truly guaranteed. Similarly, to check the individual's 
or organization's right to a Web page creator or a Web page, 
the relation between the Web page and the individual or 
organization must be able to be authenticated. 

As described in the April 1996 issue of "OPEN DESIGN" 
(published by CQ Publishing Co., Ltd. Issuer: Ryoji 
Gamou), pp. 4-22 and pp. 40-78, a WWW system features 
not only the easy-to-operate graphical user interface (GUI) 
but also the usability which allows the user to reference 
related information linked by hypertext. This WWW system 
has contributed to the fast growth of the Internet. 

The outline of a WWW system introduced by the publi- 
cation is as follows: 

The WWW system is composed of at least one WWW 
server on which a WWW server program for publishing 
information runs and at least one client terminal on which a 
browser program for browsing published information runs. 
Data is transferred between the WWW server and the client 
terminal via the communication protocol called HTTP 
(HyperText Transfer Protocol). 

To publish information on the WWW server, a server user 
must create a Web page containing data to be published. This 
page contains text data, image data, audio data, video data, 
and link data to other Web pages, all interconnected using a 
structure description language called HTML (Hyper Text 
Markup Language). Then, the user stores this Web page in 
a location (directory) in the WWW server so that it may be 
accessed from other computers (client terminals or other 
WWW servers). 

To browse a published Web page from a client terminal 
[...] browser program, a terminal user must type the URL 
[...] 
terminal. The text data, image data, and video data of the 
Web page are displayed on the client terminal screen. Audio 
data, if included in the page, is produced from the speaker 
connected to the client terminal. 

A recent trend is that the WWW system like this is used 
not only as the communication means but also in business. 
One such application is an electronic commerce system 
which provides the user with information on goods using 
this WWW system. 

The overview of this electronic commerce system is 
described in "JYOHOSHORI (Information Processing), No. 
9 of volume 38", pp. 752-810 (Issuer: Kouji Iizuka, Pub- 
lished by Jyohoshori Gakkai (Information Processing Soci- 
ety of Japan)). 

The electronic commerce system described in the above- 
mentioned publication not only provides the user with 
information on goods but also settles accounts with the use 
of the cryptography technology, such as common key cipher 
and public key cipher, and the authentication technology 
such as digital signatures. In this system, many settlement 
methods, including bank settlements, credit card 
settlements, or electronic money settlements, are used. 

In such an electronic commerce system, most vendors 
include into their web pages the image data, such as the 
logos of credit card companies, to allow the user to instantly 
select one of various payment methods. This is similar to a 
real-world (not a virtual world such as the Internet) store 
where the logos of the credit card companies are put up on 
the counter or in the show window. 

Sometimes, a Web page may also contain image data, 
such as logo marks indicating the Web page creator or an 
authentic individual or organization which has authorized 
the Web page, to allow a Web page user to instantly ascertain 
who has created the Web page or that the Web page has been 
authorized by the authentic individual or organization. 

The above-described digital watermark technology has 
the following problems. 

First, the relation between information embedded as a 
digital watermark and an individual/organization indicated 
by the embedded information is not always guaranteed. That 
is, it cannot be always said that the information embedded 
in the digital data indicates the relation between the 
individual/organization and the digital data correctly. 

For example, with the illegal copy prevention technique 
described above, a number embedded in the illegally-copied 
contents cannot always be used as a proof that the illegally- 
copied contents were purchased by the purchaser corre- 
sponding to that number. That is, because the number was 
given by the provider one-sidedly, the purchaser may insist 
that the number found in the copy is not the one assigned to 
him or her. 

In the case of the Web page described above, there is a 
possibility of an illegal user forging information to pretend 
to be some other user and embedding it as a digital water- 
mark or alternatively he may pretend that the information is 
guaranteed by an authentic organization. 

Second, the relation between digital data and an 
individual/organization indicated by the information embed- 
ded as a digital watermark is not guaranteed. 






6,131,162 


For example, in the illegal copy prevention technique 
described above, there is no proof that a purchaser's number 
is embedded correctly in the content purchased by the 
purchaser. In other words, there is a possibility that a person 
other than the purchaser (for example, a person at the 
provider) has mistakenly or maliciously embedded the pur- 
chaser's number in a content not purchased by the purchaser. 

In the case of the Web page described above, there is a 
possibility of an illegal user extracting a digital watermark, 
embedding it in a Web page by an individual/organization, 
and embedding it in his/her Web page to pretend to be the 
legal purchaser or to pretend that his/her page is guaranteed 
by an authentic organization. 

Third, when there are many copyright holders for a single 
content with much copyright information that must be 
embedded in it with the use of the digital watermark 
technique, the quality of the content (image quality when the 
content is image data) is significantly degraded. 

Fourth, the digital watermark technology is not suitable 
for digital data, such as a Web page, containing several types 
of data. For example, when the technology is used for digital 
data containing text data, drawing data, and image data, each 
type of data must be processed separately. 

On the other hand, the digital signature technique is 
cumbersome because digital data as well as the digital 
signatures associated with the digital data must be managed 
as a pair. In addition, digital signatures, which can be 
separated from digital data much easier than digital 
watermarks, cannot be used for preventing illegal copies. 

Another problem with digital watermarks and digital 
signatures is that, because they are invisible, the digital data 
user cannot immediately understand the relation between 
digital data indicated by digital watermarks or digital sig- 
natures and an individual/organization. 

For example, digital watermarks and digital signatures do 
not present the user with information on the relation between 
a Web page and an individual/organization in the same way 
as a Web page including logo marks as image data does. This 
means that digital watermarks and digital signatures do not 
directly guarantee that the relation between digital data 
indicated by digital watermarks or digital signatures and an 
individual/organization corresponds to the relation between 
digital data presented directly to the user and the individual/ 
organization. 

On the other hand, a logo mark added to a Web page is 
image data. Therefore, it cannot be authenticated that the 
Web page actually contains data that is indicated by the 
relation between the logo mark and an individual/ 
organization. 

Take the logo mark of a credit card company for example. 
Imagine that an illegal user copies the logo mark of a credit 
card company from the Web page of a legal agent of the 
company, pastes it into an appropriate location of the Web 
page of the agent owned by the illegal user, and then stores 
the Web page in the WWW server so that any computer may 
access it. In this case, a consumer may judge, from the logo 
mark of the credit card company contained in the Web page 
of the agent owned by the illegal user, that the agent is legal 
and may send data necessary for settlement, such as a credit 
card number, to that WWW server. As a result, the illegal 
user is able to obtain the credit number of the consumer 
illegally and make an illegal profit. 

SUMMARY OF THE INVENTION 

In view of the foregoing, it is an object of this invention 
to provide a technique which authenticates the relation 
between digital data and an individual/organization more 
reliably. It is another object of this invention to provide a 
technique which directly presents the user with digital 
information on an individual/organization associated with 
digital data such that the relation between the digital infor- 
mation and the individual/organization corresponds to the 
relation between the digital data itself and the individual/ 
organization. 

To achieve the above objects, a method according to this 
invention is an embed-in-content information processing 
method for processing information embedded in a content 
using an electronic computer. The method includes the steps 
of creating cryptographic information by encrypting specific 
data using a private key in accordance with a public key 
cipher system used by content-handling persons; and 
embedding the created cryptographic information into the 
content such that the cryptographic information cannot be 
separated from the content without using a predetermined 
rule. 

Here, the description that the cryptographic information 
cannot be separated from the content without using the 
predetermined rule means that, when the predetermined rule 
is not used, the cryptographic information cannot be sepa- 
rated by a method other than the trial-and-error method. 

In this method, the cryptographic information is extracted 
from the content containing the cryptographic information 
for use in decrypting with the use of a public key paired with 
the private key used by the content-handling persons, and 
then the decrypted result is verified to check if it matches the 
specific data. If the content in which the cryptographic 
information is embedded is an illegal copy, the content- 
handling person of the content from which the illegal copy 
was created may be identified. 

In this case, this determination is made by verifying 
information embedded in the illegal copy, wherein the 
information depends on the private key known only to the 
content-handling person of the content and may be created 
only by the content-handling person of the content. This 
makes clear the correspondence between the information 
embedded in the illegal copy and the content-handling 
person of the content from which the illegal copy was 
created. 

The cryptographic information embedded in the content 
may be a value dependent on the content into which the 
cryptographic information is to be embedded. For example, 
the value may be a digital signature generated by encrypting 
the hash value of the content. This value makes even clearer 
the correspondence between the information embedded in 
the illegal copy and the content-handling person of the 
content from which the illegal copy was created. 

To achieve the above object, this invention is an embed- 
in-content information processing method for embedding 
information on k (k is an integer equal to or larger than 2) 
content-handling persons using an electronic computer. The 
method includes the steps of embedding a digital signature 
into the content such that the digital signature cannot be 
separated from the content without using a predetermined 
rule, the digital signature being created by encrypting an 
n-bit hash value using a private key in accordance with a 
public key cipher system used by a first content-handling 
person, the n-bit hash value being obtained by evaluating the 
content with a first hash function; and sequentially repeating 
digital signature embedding for a second person to a k-th 
content-handling person, wherein, for an i-th content- 
handling person (i is an integer between 2 and k), the content 
into which the digital signatures of the first to an (i-1)th 
content-handling persons are embedded is evaluated with a 
second hash function, wherein a resulting n/2-bit hash value 
is encrypted using the private key of the i-th content- 
handling person to generate the digital signature of the i-th 
content-handling person, and wherein the digital signature 
of the i-th content-handling person is embedded into the 
content in which the digital signatures from the first to the 
(i-1)th persons are already embedded such that the digital 
signature of the i-th content-handling person cannot be 
separated from the content without using a predetermined 
rule. 

This method allows the k person's digital signatures to be 
embedded into the content using n+(k-1)n/2 bits, with little 
effect on the security. 

This invention is also an embed-in-content information 
processing method for embedding information on k (k is an 
integer equal to or larger than 2) content-handling persons 
using an electronic computer. The method includes the steps 
of creating a digital signature of a first content-handling 
person by encrypting a hash value using a private key in 
accordance with a public key cipher system of the first 
content-handling person, the hash value being created by 
evaluating the content with a first hash function; 

sequentially repeating digital signature creation for a 
second person to a k-th content-handling persons to create 
the digital signatures of the content-handling persons; and 

embedding the digital signature of the k-th content-handling 
person into the content such that the digital signature cannot 
be separated from the content without using a predetermined 
rule, the digital signature being obtained by performing the 
digital signature creation for the k-th content-handling 
person, wherein, during the digital signature creation pro- 
cessing for an i-th content-handling person (i is an integer 
between 2 and k), a value dependent on the digital signature 
of the (i-1)th content-handling person is encrypted using the 
private key of the i-th content-handling person to generate 
the digital signature of the (i-1)th content-handling person. 

According to the embed-in-content information processing 
method, when the value determined by the value of the 
digital signature is n bits long, embedding only n-bit data 
into the content enables information for verifying k content- 
handling persons to be embedded into the content. 

To achieve the above object, this invention is an infor- 
mation authentication method managed by a manager 
trusted by both an information publisher and an information 
browser, wherein the information publisher adds multimedia 
data to information published by the information publisher 
in such a way that the multimedia data may be validated and 
wherein the information browser checks the validity of the 
information according to whether or not the multimedia data 
is validated. 

In this method, the information is validated, for example, 
by the manager, who is contacted by all participants, vali- 
dating multimedia data added to the information. 

More specifically, a user who browses a Web page deter- 
mines its validity according to whether the manager authen- 
ticates the validity of the image data pasted in the Web page, 
that is, whether the image data is valid, and whether the 
manager authenticates the fact that the image data is pasted 
in the Web. 

In this method, when the multimedia data is validated, the 
information may be presented to the information browser as 
necessary. For example, when the image data is determined 
to be valid in the above Web page, the information may be 
filtered so that the Web page may be displayed. 

To achieve the above objects, this invention provides a 
method for creating authenticatable digital data including 
authentication data for authenticating the digital data using 
an electronic computer. The method includes the steps of 
generating mark data recognizable by a user when the user 
uses the digital data; generating watermark-embedded mark 
data wherein specific information is embedded as a digital 
watermark into the mark-data; and including the watermark- 
embedded mark data into the digital data to generate the 
authenticatable digital data. 

In this method, the specific information may be a hash 
value generated by evaluating the digital data with a prede- 
termined hash function. 

The specific information may also be a digital signature 
generated by encrypting an evaluation value, generated by 
evaluating the digital data with a predetermined function, 
with a private key according to predetermined public key 
cipher. 

According to those methods, the mark may be validated 
with the information embedded in the watermark-embedded 
mark data. The hash value embedded as the digital water- 
mark may be used to authenticate that the mark is given to 
the digital data. The digital signature embedded as the digital 
watermark may be used to authenticate the validity of an 
individual/organization which guarantees the mark. 

This invention also provides a plurality of systems for 
realizing the methods. 

For example, this invention provides a content distribu- 
tion system comprising a distribution system outputting a 
content to be distributed and a content receiving system 
receiving the distributed content. The distribution system 
includes encrypting apparatus for encrypting a content to be 
distributed and wherein the receiving system includes 
decrypting apparatus for decrypting a distributed content; 
signature creating apparatus for creating cryptographic 
information by encrypting specific data using a private key 
in accordance with a public key cipher system used by a user 
of the receiving system; and signature embedding apparatus 
for embedding the created cryptographic information into 
the content such that the cryptographic information cannot 
be separated from the content without using a predetermined 
rule. 

This invention also provides a content distribution system 
wherein the decrypting apparatus, the signature creating 
apparatus, and the signature embedding apparatus are con- 
figured such that decrypting cannot be performed by the 
decrypting apparatus before the cryptographic information 
is created and embedded by the signature creating apparatus 
and the signature embedding apparatus and wherein it is 
difficult to modify the receiving system such that decrypting 
is performed by the decrypting apparatus before the cryp- 
tographic information is created and embedded by the 
signature creating apparatus and the signature embedding 
apparatus, respectively. 

This invention also provides a content distribution system 
wherein the encrypting apparatus of the distribution system 
encrypts the content using the public key of the user of the 
receiving system and the decrypting apparatus of the receiv- 
ing system decrypts the content encrypted using the private 
key of the user of the distribution system. 

These content distribution systems may have a verifica- 
tion system comprising signature extracting apparatus for 
extracting cryptographic information from the content in 
which cryptographic information is embedded and signature 
verifying apparatus for verifying that a result obtained by 
decrypting the extracted cryptographic information using a 
public key used by content-handling persons matches the 
specific data. 
In these content distribution systems, the signature creat- 
ing apparatus of the receiving system may use information 
containing a decrypted-content-dependent value as the spe- 
cific data and may use a digital signature which the receiving 
system user has for the content as the cryptographic 
information, the digital signature being generated by 
encrypting the specific data using the private key in accor- 
dance with the public key cipher system used by the receiv- 
ing system user. 

This invention also provides a data processing system 
used to attach a signature to a content. This system includes 
digital signature creating apparatus for calculating a hash 
value by evaluating the content with a hash function and 
then encrypting the calculated hash value with a private key 
of a user of the data processing system in accordance with 
the public key cipher system used by the user to generate a 
digital signature; and digital watermark creating apparatus 
for embedding the created digital signature into the content 
as a digital watermark. 
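The hash, sign, embed, extract and verify sequence described above can be sketched as follows. This is an added example, not code from the patent: least-significant-bit embedding stands in for a real watermarking method, a seeded position list stands in for the "predetermined rule", and the toy RSA keys built from Mersenne primes, the purchaser names and the sample data are all constructed assumptions.

```python
import hashlib
import random

FIELD_BITS = 2048   # size of the embedded signature field (assumption)
RULE = 1999         # seed standing in for the "predetermined rule" (assumption)

def toy_keypair(p, q, e=65537):
    """Textbook RSA key (n, e, d) from two known primes. Demo only."""
    n = p * q
    return n, e, pow(e, -1, (p - 1) * (q - 1))

# Mersenne primes are used only because they are well-known primes; a real
# system generates random keys and padded signatures with a vetted library.
ALICE = toy_keypair(2**127 - 1, 2**521 - 1)
BOB = toy_keypair(2**607 - 1, 2**1279 - 1)
REGISTRY = {"alice": ALICE[:2], "bob": BOB[:2]}   # public keys (n, e)

def carrier_positions(rule_seed, length):
    """The rule: which bytes of the content carry one signature bit each."""
    return random.Random(rule_seed).sample(range(length), FIELD_BITS)

def digest(content, rule_seed):
    """SHA-256 with every carrier LSB cleared, so that embedding the
    signature does not change the value that was signed."""
    buf = bytearray(content)
    for pos in carrier_positions(rule_seed, len(content)):
        buf[pos] &= 0xFE
    return int.from_bytes(hashlib.sha256(buf).digest(), "big")

def embed_bits(content, value, rule_seed):
    """Write `value`, bit by bit, into the LSBs of the carrier bytes."""
    buf = bytearray(content)
    for i, pos in enumerate(carrier_positions(rule_seed, len(content))):
        buf[pos] = (buf[pos] & 0xFE) | ((value >> i) & 1)
    return bytes(buf)

def extract(content, rule_seed):
    """Read the embedded field back out of the carrier LSBs."""
    positions = carrier_positions(rule_seed, len(content))
    return sum((content[pos] & 1) << i for i, pos in enumerate(positions))

def sign_and_embed(content, key, rule_seed):
    """Purchaser side: sign the content hash, embed the signature."""
    n, _, d = key
    return embed_bits(content, pow(digest(content, rule_seed), d, n), rule_seed)

def verify(content, public, rule_seed):
    """Provider side: decrypt the mark with a public key, compare to the hash."""
    n, e = public
    sig = extract(content, rule_seed)
    return sig < n and pow(sig, e, n) == digest(content, rule_seed)

def identify(content, registry, rule_seed):
    """Return the registered purchaser whose public key validates the mark."""
    for name, public in registry.items():
        if verify(content, public, rule_seed):
            return name
    return None

def demo():
    rng = random.Random(7)
    image = bytes(rng.randrange(256) for _ in range(8192))   # constructed "pixels"
    other = bytes(rng.randrange(256) for _ in range(8192))   # a different content
    alice_copy = sign_and_embed(image, ALICE, RULE)
    bob_copy = sign_and_embed(image, BOB, RULE)
    # Content altered after marking: the signed hash no longer matches.
    tampered = bytes([alice_copy[0] ^ 0x80]) + alice_copy[1:]
    # Mark lifted from one content and pasted into another.
    transplanted = embed_bits(other, extract(alice_copy, RULE), RULE)
    return {
        "alice_copy": identify(alice_copy, REGISTRY, RULE),
        "bob_copy": identify(bob_copy, REGISTRY, RULE),
        "unmarked": identify(image, REGISTRY, RULE),
        "tampered": identify(tampered, REGISTRY, RULE),
        "transplanted": identify(transplanted, REGISTRY, RULE),
        "max_pixel_change": max(abs(a - b) for a, b in zip(image, alice_copy)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Because the signed value depends on the content, a mark copied into a different content does not verify, which is the forgery case raised for plain watermarks earlier in the text.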

This invention also provides a system including a gen- 
eration system which generates authenticatable digital data 
and an authentication system which authenticates authenti- 
catable digital data, wherein the generation system includes 
apparatus for generating mark data recognizable by a user 
when a user uses the digital data; apparatus for generating 
watermark-embedded mark data into which specific infor- 
mation is embedded as a digital watermark; and apparatus 
for including the watermark-embedded mark data into the 
digital data to generate the authenticatable digital data and 
wherein the authentication system comprises apparatus for 
extracting the mark data from the authenticatable digital 
data; apparatus for extracting from the extracted mark data 
the predetermined information included as the digital water- 
mark; and apparatus for authenticating the digital data based 
on the extracted information. 

More specifically, the authenticatable digital data is a Web 
page containing mark data. Based on the information 
embedded in the mark data as the digital watermark, the 
authentication system authenticates the Web page as well as 
the contents output by the mark data when the Web page is 
browsed. In this case, note that the individual/organization 
which generates the authenticatable digital data need not be 
the individual/organization which publishes this Web page. 
In this case, the individual/organization, which generates the 
Web page containing the authenticatable digital data accord- 
ing to a request from the individual/organization which 
publishes the Web page, may also create that Web page. 

This invention also provides a recording medium including
therein a program to be run by an electronic computer to
execute the methods described above.

For example, this invention provides a computer-readable
medium having stored therein a program which causes an
electronic computer to perform a program including the
steps of generating mark data recognizable by a user when
the user uses the digital data; generating
watermark-embedded mark data into which specific information
is embedded as a digital watermark; and including the
watermark-embedded mark data into the digital data to
generate the authenticatable digital data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the configuration of a 
content distribution system used in a first embodiment of 
this invention. 

FIG. 2 is a block diagram showing the configuration of a
provider system and a purchaser system used in the first 
embodiment of this invention. 




FIG. 3 is a diagram showing the general configuration of 
an electronic computer system used in the first embodiment of
this invention. 

FIG. 4 is a flowchart showing the processing steps of 
content distribution of the first embodiment of this inven- 
tion. 

FIG. 5 is a flowchart showing the processing steps of 
content distribution of the first embodiment of this inven- 
tion. 

FIG. 6 is a flowchart showing the processing steps of 
content distribution of the first embodiment of this inven- 
tion. 

FIG. 7 is a block diagram showing the configuration of a 
second content distribution system used in a second embodi- 
ment of this invention. 

FIG. 8 is a block diagram showing the configuration of a 
provider system and a right-holder system used in the 
second embodiment of this invention. 

FIG. 9 is a diagram showing the outline configuration of 
an authentication system of a fourth embodiment of this 
invention. 

FIG. 10 is a block diagram showing the hardware con- 
figuration of a consumer terminal used in the fourth embodi- 
ment of this invention. 

FIG. 11 is a block diagram showing the hardware con- 
figuration of a vendor terminal used in the fourth embodi- 
ment of this invention. 

FIG. 12 is a block diagram showing the hardware con- 
figuration of a WWW server used in the fourth embodiment 
of this invention. 

FIG. 13 is a block diagram showing the hardware con- 
figuration of a management server used in the fourth 
embodiment of this invention. 

FIG. 14 is a flowchart showing the operation of the 
authentication system used in the fourth embodiment of this 
invention. 

FIG. 15 is a diagram showing the contents of the mark 
management DB used in the fourth embodiment of this 
invention. 

FIG. 16 is a block diagram showing the outline configu- 
ration of an authentication system used in the fifth embodi- 
ment of this invention. 

FIG. 17 is a block diagram showing the hardware con- 
figuration of a consumer terminal used in the fifth embodi- 
ment of this invention. 

FIG. 18 is a block diagram showing the hardware con- 
figuration of a mark management server used in the fifth 
embodiment of this invention. 

FIG. 19 is a flowchart showing the operation of the 
authentication system used in the fifth embodiment of this 
invention. 

FIG. 20 is a diagram showing the contents of the mark 
management DB used in the fifth embodiment of this 
invention.

FIG. 21 is a flowchart showing the operation of a mark 
management server used in a sixth embodiment of this 
invention. 

FIG. 22 is a flowchart showing the operation of a con- 
sumer terminal used in the sixth embodiment of this inven- 
tion. 

FIG. 23 is a flowchart showing the operation of a mark 
management server used in a seventh embodiment of this 
invention.

FIG. 24 is a flowchart showing the operation of a consumer
terminal used in the seventh embodiment of this
invention.

FIG. 25 is a block diagram showing the hardware con- 
figuration of the consumer terminal used in the eighth 
embodiment of this invention. 

FIG. 26 is a block diagram showing the hardware con- 
figuration of a mark management server used in the eighth 
embodiment of this invention. 

FIG. 27 is a block diagram showing the hardware con- 
figuration of a vendor terminal used in the eighth embodi- 
ment of this invention. 

FIG. 28 is a flowchart showing the operation of a mark 
management server used in the eighth embodiment of this
invention. 

FIG. 29 is a flowchart showing the operation of a con- 
sumer terminal used in the eighth embodiment of this 
invention. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENTS 

The following describe some embodiments of this inven- 
tion. 

First, a first embodiment, a second embodiment, and a 
third embodiment which authenticate the relation between 
digital data and an individual/organization more reliably are 
described. 

First, the first embodiment will be described. 

The first embodiment explains an example of authentica- 
tion of the relation between digital data and an individual/ 
organization. More specifically, the embodiment explains an 
example of authentication of the relation between a content, 
one type of digital data, and a content purchaser, one type of 
individual/organization, in order to prevent the content from 
being copied illegally. However, it should be noted that the 
individual/organization need not always be a content pur- 
chaser. Depending upon the situation in which this embodi- 
ment is used, the first embodiment may be modified such 
that the individual/organization is a content copyright 
holder, a content vendor, a content wholesaler, or some other 
related person. In addition, in this embodiment and in the 
second and third embodiments that will be described later, the
content is assumed to be image data. These embodiments 
may also be modified so that the content may contain other 
types of data, such as text data, drawing data, audio data, or 
video data. 

FIG. 1 shows the configuration of a content distribution 
system used in this embodiment. 

As shown in the figure, the content distribution system 
comprises a plurality of provider systems 100, each distrib- 
uting digital data contents, and a plurality of purchaser 
systems 200 each receiving distributed contents. 

Contents and other types of information are transferred 
between the provider systems 100 and the purchaser systems 
200 over a network 10 to which the provider systems 100 
and the purchaser systems 200 are connected. However, the 
network 10 is not always necessary. Contents and other 
types of information, stored on a storage medium such as a 
floppy disk, may also be transported or mailed between the 
provider system 100 and the purchaser system 200. 

FIG. 2 shows the configuration of the provider system 100 
and the purchaser system 200. 

As shown in the figure, the provider system 100 comprises
a processing module 110 and a storage module 120.
The processing module 110 comprises an input/output module
111 which performs input/output operations, a controlling
module 112 which controls the components of the provider
system 100, a signature extracting module 113 which extracts
a digital signature from a content containing the digital
signature, a signature verifying module 114 which verifies a
digital signature, an encrypting module 115 which encrypts a
content, and a sending/receiving module 116 which sends or
receives data to or from each purchaser system 200. The
storage module 120 stores contents 121 and verification keys
122. Note that the verification key 122 corresponds to the
public key explained in Description of Related Art.

As shown in the figure, the purchaser system 200 comprises
a processing module 210 and a storage module 220. The
processing module 210 comprises an input/output module
211 which performs input/output operations, a controlling
module 212 which controls the components of the purchaser
system 200, a sending/receiving module 213 which sends or
receives data to or from the provider system 100, a
decrypting module 214 which decrypts an encrypted content, a
signature generating module 215 which generates a digital
signature, a signature embedding module 216 which embeds
a digital signature into a content, and a key generating
module 217 which creates a signature key (private key) and
a verification key (public key). The storage module 220
stores signature key 221 and signature-embedded contents
222. Note that the signature key 221 corresponds to the
private key explained in Description of Related Art.

As shown in FIG. 3, the provider system 100 and the
purchaser system 200 may be built into an electronic computer
system with a standard configuration where a CPU 301, main
storage 302, an external storage unit 303b which is a hard
disk, an external storage unit 303a which is not a hard disk,
a communication control unit 304, an input unit 305 such as a
keyboard or a pointing device, and an output device 306 such
as a display unit are provided.

The processing module 110 of the provider system 100
and the components of the processing module 110 are
processes implemented in the electronic computer system
when the CPU 301 executes a program loaded into the main
storage 302. In this case, the main storage 302 and the
external storage units 303a and 303b are used as the storage
module 120 of the provider system 100. Similarly, the
processing module 210 of the purchaser system 200 and the
components of the processing module 210 are processes
implemented in the electronic computer system when the
CPU 301 executes a program loaded into the main storage
302. In this case, the main storage 302 and the external
storage units 303a and 303b are used as the storage module
220 of the purchaser system 200.

A program for creating the provider system 100 and the
purchaser system 200 in an electronic computer system is
loaded into the main storage 302 for execution by the CPU
301. The program is pre-recorded on the external storage
unit 303b and is loaded, as necessary, into the main storage
302 for execution by the CPU 301. Alternatively, the program
is pre-recorded on a portable recording medium 307
such as a CD-ROM disc and is loaded directly, as necessary,
via the external storage unit 303a for execution by the CPU
301. It is also possible that the program is installed from the
portable recording medium 307 via the external storage unit
303a used for portable recording medium onto the external
storage unit 303b such as a hard disk and is loaded, as
necessary, into the main storage 302 for execution by the
CPU 301.

The following explains in detail a sequence of operations
of the provider system 100 and the purchaser system 200 in
time sequence, from content distribution to illegal copy
detection.

First, before a content is distributed, the key generating
module 217 generates a signature key and a verification key
under control of the controlling module 212 of the purchaser
system 200. These keys are generated in the same way as the
conventional private key and public key. In the following
description, the private key is called the signature key, and
the public key is called the verification key.

Next, the key generating module 217 stores the generated
signature key in the storage module 220 and, at the same
time, passes the generated verification key to the controlling
module 212. Upon receiving the verification key, the
controlling module 212 sends it to the provider system 100 via
the sending/receiving module 213. In the provider system
100, the verification key is received by the sending/receiving
module 116 and is stored in the storage module 120.

After the above operation, the provider system 100 sends
a content to the purchaser system 200 as follows.

The controlling module 112 works with the input/output
module 111 to accept the content to be distributed and stores
it in the storage module 120. Then, as shown in FIG. 4, the
controlling module 112 controls the encrypting module 115
to encrypt the stored content 121 with the use of the
verification key 122 stored in the storage module 120 (step
401) and sends the encrypted content to the purchaser
system 200 via the sending/receiving module 116 (step 402).

The purchaser system 200 performs the following operation
when it receives the encrypted content.

As shown in FIG. 5, the controlling module 212 tells the
decrypting module 214 to decrypt the encrypted content,
received by the sending/receiving module 213, using the
signature key stored in the storage module 220 (step 501)
and then asks the signature generating module 215 to
generate the digital signature of the decrypted content using
the signature key stored in the storage module 220 (step
502).

To generate the digital signature, the signature generating
module 215 calculates the 160-bit hash value of the
decrypted content using a predetermined one-way hash
function and then encrypts the resulting 160-bit hash value
using the signature key stored in the storage module 220.

Once the digital signature is generated, the controlling
module 212 tells the signature embedding module 216 to
embed the digital signature into the decrypted content
inseparably according to a predetermined rule (step 503) and
stores then the signature-embedded content in the storage
module 220. The digital signature is embedded, for example,
by the digital watermark technique explained in Description
of Related Art.

Now, assume that the purchaser has created an illegal
copy of the content which is stored in the storage module
220 and into which the digital signature is embedded
(without an appropriate authority to create a copy) and has
transferred the created copy to a third party. As explained in
Description of Related Art, the purchaser cannot remove the
digital signature, which is embedded in the content, for
example, in the form of a digital watermark, from the
content. That is, the purchaser cannot create a complete but
illegal copy which has no digital signature embedded.

When the illegally-copied content in which the digital
signature is embedded is seized, the provider system 100
performs the following to identify the purchaser who created
the illegal copy.

That is, as shown in FIG. 6, the controlling module 112 of
the provider system 100 works with the input/output module
111 to store the illegally-copied content in the storage
module 120 and then tells the signature extracting module
113 to extract the digital signature from the illegally-copied
content (step 601). Note that the storage module 120 of the
provider system 100 contains the original content (with no
digital signature embedded) of the illegally-copied content.
This allows the signature extracting module 113 to find the
difference between the original content and the
illegally-copied content and therefore to extract the digital
signature. If it is possible, the digital signature may be
extracted according to the rule by which the digital signature
was embedded into the content.

Next, the controlling module 112 tells the signature
verifying module 114 to verify the digital signature (step 602).
To do so, the signature verifying module 114 decrypts the
extracted digital signature using the verification key 122 of
a user stored in the storage module 120 and compares the
resulting value with the hash value obtained by evaluating
the original content in the storage module 120 with the use
of the same one-way hash function as that used by the
purchaser system 200. If the rule used by the purchaser
system 200 to embed the digital signature into the content is
known only to the provider and if the digital signature may
be removed from the content according to that rule, the
content from which the digital signature is removed may be
used instead of the original content.

If the hash value obtained by evaluating the original
content matches the value of the decrypted digital signature,
it is determined that the illegal copy was created by the
purchaser corresponding to the verification key used in
decrypting the digital signature. If not, the digital signature
extracted from the illegal copy is decrypted with the use of
the verification key of some other purchaser and a check is
made to see if the decrypted value matches the hash value of
the original content.

The first embodiment of this invention is as described
above.

If, in the above embodiment, the purchaser system 200
only decrypts a content received from the provider system
100 but does not embed a digital signature into it, the
purchaser is able to obtain the content with no purchaser
information embedded. In this case, the purchaser cannot be
identified from an illegal copy of the content.

To avoid this, the above-described controlling module
212 is configured to perform both content decryption and
digital signature creation/embedding. Hardware protection
and software protection are used to ensure that these two will
always be paired. More specifically, the provider provides
the purchaser with a program designed to perform both
digital signature creation and digital signature embedding.
The system is designed to allow only this program to decrypt
a content sent from the provider system 100. Also, to prevent
this program from being modified, this program is designed
to have some means for protecting it against modification.

Decryption and digital signature creation/embedding may
also be carried out, not by the CPU 301 of the electronic
computer shown in FIG. 3, but by a provider-supplied IC
card which is protected against modification. In this case,
upon receiving an encrypted content from the computer, the
IC card which is connected to the computer returns the
content in which digital signature is embedded.

A hardware unit specifically designed to protect against
modification may also be used.

As mentioned above, in order to identify the purchaser
who created an illegal copy, the first embodiment uses a
signature key (private key) which is known only to the
purchaser and performs verification using information
which may be created only by the purchaser. Therefore,
information embedded in an illegal copy is more useful in
identifying the purchaser who created the illegal copy. In
addition, because a digital signature based on a
content-dependent hash value is embedded, the correspondence
between the purchaser and the content is more clearly
understood.

Provided that embedded information is integrated into the
content inseparably, data known to the provider system 100
and purchaser system 200 may also be used instead of a
digital signature based on a content-dependent hash value.
For example, a digital signature based on the hash value of
text data such as a purchaser's name may be used.

The following describes the second embodiment of this
invention.

The second and third embodiments explain an example of
authentication of the relation between digital data and
individuals/organizations. More specifically, the embodiments
explain an example of authentication of the relation
between a content, one type of digital data, and a plurality
of content copyright holders, one type of
individual/organizations, in order to display the plurality of
copyright holders of the content. However, it should be noted
that the plurality of individuals/organizations need not always
be a plurality of content copyright holders. Depending upon the
situation in which the second embodiment and the third
embodiment which will be described later are used, the
embodiments may be modified such that the
individuals/organizations are a plurality of content purchasers,
a plurality of content vendors, a plurality of content
wholesalers, or a combination of different types of
individuals/organizations.

The second embodiment relates to a distribution content
creation system which creates a distribution content in
which a plurality of digital signatures of holders, such as a
plurality of copyright holders, are embedded.

FIG. 7 shows the configuration of the distribution content
creation system.

As shown in the figure, the distribution content creation
system comprises one or a plurality of provider systems 100,
each distributing contents, and a plurality of right-holder
systems 700 used by right holders. Contents and other types
of information are transferred between the provider systems
100 and the right-holder systems 700 over a network 10 to
which the provider system 100 and the right-holder systems
700 are connected. However, the network 10 is not always
necessary. Contents and other types of information, stored
on a storage medium such as a floppy disk, may also be
transported or mailed between the provider system 100 and
the right-holder system 700. In addition, the provider system
100 used in this distribution content creation system may
function also as the provider system 100 in the content
distribution system shown in FIG. 1 to combine two systems
into one.

FIG. 8 shows the configuration of the provider system 100
and the right-holder system 700.

As shown in the figure, the provider system 100 has the
same configuration as that of the provider system shown 100
in FIG. 2, and the right-holder system 700 has the same
configuration as that of the purchaser system 200 shown in
FIG. 2. Like the systems in the first embodiment, both the
provider system 100 and the right-holder system 700 may be
implemented on an electronic computer such as the one
shown in FIG. 3.

In the distribution content system like this, a distribution
content in which a plurality of signatures of right holders are
embedded is created as described below.

Assume that the signature key and the verification key of
the provider system 100 have already been generated and
that the verification key of the provider system 100 has been
distributed to each right-holder system. Also assume that
each right-holder system 700 encrypts a content or various
types of information using the verification key of the
provider system 100 before sending them to the provider system
100 and that the provider system 100 decrypts received
information using the signature key of the provider system
100. The encryption configuration and decryption
configuration of information sent from each right-holder system
700 to the provider system 100 are omitted in FIG. [illegible]
[...] are the same as those of information sent from the
provider system 100 to the right-holder system 700 or to the
purchaser system 200.

In this situation, before creating a content to be
distributed, a key generating module 717 in the right-holder
system 700 generates a signature key and a verification key
under control of a controlling module 712. These keys are
generated in the same way as the conventional private key
and public key are generated.

Next, the key generating module 717 stores the generated
signature key in a storage module 720 and, at the same time,
passes the generated verification key to the controlling
module 712. The controlling module 712 sends this
verification key to the provider system 100 via a
sending/receiving module 713. The provider system 100 receives
the verification key via the sending/receiving module 116 and
stores it in the storage module 120.

After the above processing, the provider system 100
sequentially sends a content to the right-holder systems 700
of all right holders, one right-holder system at a time, and
sends the content returned from each right-holder system to
the right-holder system 700 of the next right holder.

The controlling module 112 works with the input/output
module 111 to accept a distribution content, stores it in the
storage module 120, asks the encrypting module 115 to
encrypt the stored content 121 using the verification key
122, which is sent from the right-holder system 700 to which
the content is to be sent and which is stored in the storage
module 120, and sends the encrypted content to the
right-holder system 700 via the sending/receiving module 116.
When the content encrypted using the verification key of the
provider system 100 is returned from the right-holder system
700, the provider system 100 decrypts it using the
verification key of the provider system 100, encrypts the
content using the verification key of the next right-holder
system 700 to which the content is to be sent, and sends it to
the next right-holder system 700. When sending the content, an
instruction to use an abbreviated digital signature is sent to
the right-holders system 700 other than the first one.

On the other hand, the right-holder system 700 which
receives the encrypted content from the provider system 100
performs the following.

The controlling module 712 tells a decrypting module 714
to decrypt the encrypted content received via the
sending/receiving module 713 using the signature key stored in
the storage module 720, and tells a signature generating module
715 to generate a digital signature using the signature key of
the decrypted content stored in the storage module 720.

To generate the digital signature, the 160-bit hash value of
the decrypted content is calculated using a predetermined
one-way hash function and the resulting 160-bit hash value
is encrypted using the signature key stored in the storage
module 720. If an instruction to use an abbreviated digital
signature is attached to the received content, an 80-bit hash
value is calculated and then encrypted using the signature
key stored in the storage module 720 to create a digital
signature.

When the digital signature is generated, the controlling
module 712 tells a signature embedding module 716 to
embed the digital signature into the decrypted content
inseparably according to a predetermined rule. Embedding
is carried out, for example, with the digital watermark
technique described in Description of Related Art. The
content into which the digital signature is embedded is then
returned to the provider system 100 via the
sending/receiving module 713.

As a result, the final content, in which the digital
signatures are embedded in the sequence as described below, is
returned from the last right-holder system 700 to the
provider system 100.

Let the content, D, in which the i-th right holder's
signature is embedded, be represented as Fi (D). Then, the
first right holder embeds the digital signature, which is the
160-bit hash value of the original content, into the content to
create F1 (D). The second right holder embeds the digital
signature, which is the 80-bit hash value of the content in
which the first right holder's digital signature is embedded,
to create F2 (F1 (D)). This process is repeated, and the n-th
right holder embeds the digital signature, which is the 80-bit
hash value of the content in which the first to the (n-1)th
right holder's digital signatures are embedded, into the
content to create Fn (Fn-1 ( . . . (F2 (F1 (D))) . . . )).

A content to be distributed by the provider system 100 is
the content returned from the last right holder. The
sequentially-arranged digital signatures of all right holders
are embedded in that content.

As described above, in the second embodiment, the
number of bits of the hash value used by the second and the
subsequent right holders is half the number of the hash value
of the first right holder. This is because forging a content in
which a digital signature is embedded is more difficult than
forging a content in which no digital signature is embedded.
Therefore, the number of bits of the hash value of digital
signature of the second and the subsequent right holders may
be reduced to half that of the first right holder with no effect
on the security. That is, the security is maintained as if the
160-bit hash value was used for the digital signatures of all
right holders.

Verification of the content in which digital signatures are
embedded is carried out as in the first embodiment.

Next, the third embodiment of this invention will be
described.

The third embodiment is a modification of the digital
signature embedding method for right holders which was
described in the second embodiment.

That is, in the third embodiment, the first right holder
encrypts the content sent from the provider to generate a
digital signature as in the second embodiment. However,
unlike the second embodiment, the right-holder system 700
of the first right holder does not embed the digital signature
in the content but returns the digital signature to the provider
system 100. The provider system 100 receives the digital
signature of the first right holder and sends it to the
right-holder system 700 of the second right holder. The second
right-holder system 700 encrypts the hash value of the first
right holder's digital signature to generate a digital
signature. This process is repeated for the subsequent right
holders. The right-holder system 700 of the second and the
subsequent right holders encrypts the hash value of the
previous right holder's digital signature to generate his own
digital signature.

When the provider system 100 receives the digital
signature from the right-holder system 700 of the last right
holder, it embeds the digital signature into the original
content, for example, as a digital watermark.

Instead of embedding the digital signature, the provider
system 100 may send the original content to the right-holder
system 700 of the last right holder to ask it to embed the
digital signature into the content and to send it back to the
provider system 100.

Digital signature embedding may also be carried out as
follows. That is, the right-holder system 700 of the first right
holder embeds a digital signature, created by encrypting the
hash value of the content, into the content, and sends the
content to the next right-holder system 700 via the provider
system 100. The right-holder systems 700 of the second and
the subsequent right holders each extract the previous right
holder's digital signature from the content in which the
digital signature is embedded, encrypts the hash value of the
extracted digital signature to create the digital signature of
his own, and embeds the created digital signature into the
original content received from the provider system 100.
Alternatively, each of the right-holder systems 700 replaces
the previous right holder's digital signature, embedded in
the content, with the digital signature of his own. The
right-holder system 700 then sends the content, in which his
digital signature is embedded, to the next right-holder system
700 via the provider system 100.

Verification of digital signatures embedded in the content
is carried out as described in Applied Cryptography, John
Wiley & Sons, Inc. (1996), pp 39-41, referenced in Description
of Related Art. Note that the digital signature of the last
right-holder is extracted from the content into which the
digital signature was embedded.

The third embodiment of this invention is as described
above.

In the second and third embodiments, the size of the hash
value used for the digital signatures of the second and the
subsequent right holders is half that of the digital signature
used for the first right holder, or the digital signature of the
second and subsequent right holders is created from the
digital signature of the previous right holder. This makes it
possible to embed the digital signatures of a plurality of right
holders, preventing the quality of content data from being
degraded. Provided that embedded information is integrated
into the content inseparably, data known to the provider
system 100 and right-holder system 700 may also be used
instead of a digital signature based on a content-dependent
hash value. For example, a digital signature based on the
hash value of text data, such as a purchaser's name, may be
used.

The following describe fourth to eighth embodiments. In
these embodiments, the relation between digital data and an
individual/organization can be authenticated and, at the
same time, information on the individual/organization is
presented directly to a user so that the user can authenticate
the relation between digital data and the
individual/organization.

In the fourth to eighth embodiments, the following is
assumed: the digital data is a Web page, the
individual/organization whose relation with the Web page is to
be authenticated is a credit card company, and a vendor uses the
logo mark of the credit card company in the Web page. Note
that this is an example. Depending upon the situation, the
individual/organization whose relation with the Web page is
to be authenticated may be any individual/organization other
than a credit card company; for example, it may be a Web
page creator or any individual/organization which approves FIG. 10 shows the hardware configuration of the con-

the relation with the Web page (for example, a Web page sumer terminal 1101. 

evaluation or recommendation organization). Similarly, the shown in FIG. 10, the consumer terminal 1101 used in 

vendor in the example may be replaced with a Web page lhe forth embodiment comprises the display unit 1102, the 

provider who uses the logo mark of an individual/ 5 input unit 110 3 a communication interface 1201, a storage 

organization whose relation with the Web page is to be um( m2 a cemral processmg un j t (CPU) 1203, and a 

authenticated. temporary storage unit (memory) 1204, all interconnected 

In the fourth to eight embodiments, digital data is directly ^ a ^ ^200. 

presented to the user with the use of the logo mark (image . 11A * , , m „^„^ *u r 

V x r * j- w • i_ i \u The display unit 1102, used to display messages tor the 

data) of an individual/organization whose relation with the 1fl %\jL » , • , lim * 

*; , , . . , . * a 'f ^u:^, 30 consumer 1100 who uses the consumer terminal 1101, is 

digital data is to be authenticated. This presentation object , , „_ .. , . , e 

may take another form that may be sensible to the user when composed of a CRT, a liquid crystal display, and so forth, 

the user uses the digital data. For example, text data, The input unit 1103, used by the consumer 1100 on the 

drawing data, audio data, and video data may be used. consumer terminal 1101 to enter data or instructions, is 

Alternatively, the presentation object need not be an object composed of a keyboard, mouse, and so forth, 

which directly represents an individual/organization whose 35 jh e communication interface 1201 is an interface through 

relation with the digital data is to be authenticated; for which data is transferred to or from the WWW server 1113 

example, a mark representing the digital data evaluation or mark man agement server 1122 via the communication 

result produced by an individual/organization may be used. network 1140. 

First, the fourth embodiment will be described. 2Q The storage unit 1202, usually a hard disk unit or floppy 

FIG. 9 shows the configuration of an authentication um ^ perma nentry stores the programs and data to be 

system used in the fourth embodiment. use£ j by the consumer terminal 1101. 

As shown in the figure, the authentication system is used -t^ cprj 1203 integrally controls the components of the 
by a plurality of consumers 1100-1 to 1100-n (hereafter, also consumer terminal 1101 and performs various types of 
called consumer 1100) who buy goods, a vendor 1110 who 25 oper ation. 
sells goods, and a mark manager 1120 who manages various mem ory 1204 temporarily contains the programs 
types of mark. As shown in FIG. 9, a plurality of consumer by me cpu U03 {Q perform the above processing, 
terminals 1101-1 to 1101-n (hereafter, also called a con- These programs include an operating system 1204a 
sumer terminal 1101), a vendor terminal 1112, a WWW (hereafter also called OS 1204a), the browser program 
server 1113, and a mark management server 1122 are 3Q 12 04b 7 and a validity check program A 1204c. 
interconnected via a communication network 1140 such as Tfae QS UQ4q rforms the file man agement, process 
the Internet. The mark manager 1120 is an authentic orga- ma menl or dcvice manage ment functions for all co- 
nization available for use by all mark owners (such as sum er terminals 1101 

vendor 1110) in this system. Note that the mark owner may ^ ^ aUows ^ ^ 

also act as the markmanager 1120. In this case, the vendor 35 co^nZication with the WWW server 1113 to 

terminal 1112, WWW server 1113, and mark management ^ ^ Web Dfi m4 

server 1122 may share the same mac ^ The validity check program A 1204c allows the consumer 

™ 6 «"™«Jfnninal 1101 is a terminal used by he * communicate with the mark management 

consumer 1100. The consumer terminal 1101 has a disp ay ^ rf ^ mark lQ ^ 

unit U02onwhichdocumentdataorimage^ „ downlo aded from the WWW server 1113. 

to the consumer 1100 and an input unit 1103-1 or 1103-2 *; » t_ LJ c r.u a 

(hereafter, also simply called an input unit 1103) through FIG - *} f™* the hardware configuraUon of the vendor 

which the consumer 1100 enters data and instructions. The terminal 1112. 

consumer 1100 transfers data to or from the vendor 1110 or As shown in FIG. 11, the vendor terminal 1112 used in the 

the mark manager 1120 via the consumer terminal 1101 and „ fourth embodiment comprises a display unit 1301, an input 

communication network 1140. "nit 1302, a communication network mterface 1303, a 

The vendor terminal 1112 is a terminal used by the vendor stora S e UDlt 1304 > a ccntral Processing umt CPU) 1305, and 

1110. The vendor 1110 uses the vendor terminal 1112 to a temporary storage unit (memory) 1306, all interconnected 

create a Web page of a store 1111 that is managed by the bv a bus 1300 - i# t 

vendor or to transfer data to or from the mark manager 1120. 50 ' The display unit 1301, used to display messages for the 

The WWW server 1113, which is a server on which a vendor 1110 who uses the vendor terminal 1112, 
la ter-described WWW server program 14076 runs, sends a ^ of a CRT ' a CTVStal * nd *° ° rth - u 
Web page stored in a Web page DB 1114 when accessed by The input unit 1302, used by the vendor 1110 on the 
a later-described browser program 12046 via the consumer vendor terminal 1112 to enter data or instructions, is corn- 
terminal 1101. The Web page which is sent is displayed on 55 P osed of a keyboard, mouse, and so forth, 
the display unit 1102 on the consumer terminal 1101. The communication interface 1303 is an mterface through 

The mark management server 1122 sends a mark upon w h«=h data is transferred to or from the WWW server 1113 

request from the vendor 1110. In addition, upon request from or mark management server 1122 via the communication 

the consumer 1100, the server 1112 checks the validity of the network 1140. 

mark (that is, checks if the mark was sent from the mark 6 o The storage unit 1304, usually a hard disk unit or floppy 

management server 1122 to the vendor 1110 before the disk unit, permanently stores the programs and data to be 

request was received) and sends the result back to the used by the vendor terminal 1112. 

consumer 1100. The CPU 1305 integrally controls the components of the 

Next, the consumer terminal 1101, the WWW server vendor terminal 1112 and performs various types of opera- 

1113, and the mark management server 1122, which are 65 tion. 

comprised in the authentication system of the fourth The memory 1306 temporarily contains the programs 

embodiment, are described. used by the CPU 1305 to perform the above processing. 
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These programs include an OS 1306a, a Web page creation The communication interface 1503 is an interface through 
program 1306ft, and mark acquisition program 1306c. which data is transferred to or from the consumer terminal 
The OS 1306a performs the file management, process 1101 or vendor terminal 1112 via the communication net- 
management, or device management functions for the whole work 1140. 

vendor terminal 1112. 5 The mark management DB interface 1504 is an interface 

A Web page creation program 1306ft communicates with through which data is transferred to or from a mark man- 

the WWW server 1113 when the vendor 1110 creates a Web a g em ent DB 1123. The mark management DB 1123 is used 

page and stores the created Web page in the Web page DB fof mark managemen t and contains data on mark types, 

mark expiration periods, vendor ID information, URLs of 

A mark acquisition program 1306c allows the vendor i 0 vendor's Web pages, and so forth in such a format as is 

terminal 1112 to communicate with the mark management sfaown ^ nG 15 , t ^ , m HG 15 that> wbeQ QO 

server 1122 to acquire a mark to be pasted mto a Web page. expiration period ^ prov ided for marks or when the mark 

FIG. 12 shows the hardware configuration of the WWW manager u20 issues only one type of mark, the correspond- 

server 1113. * items (expiration period and mark type) need not be 

As shown in FIG. 12, the WWW server 1113 used in the 15 managed 

fourth embodiment comprises a display unit 1401, an input ~* . » • _* j * i a 

unit 1402, a communication network interface 1403, a Web ™* stora g e umt 1505 ' a hard disk um ! ° r a flo PP v 

page DB interface 1404, a storage unit 1405, a central disk unil > permanently stores the programs and data to be 

processing unit (CPU) 1406, and a temporary storage unit uscd bv the mark management server 1122. 

(memory) 1407, all interconnected by a bus 1400. 20 The CPU 1506 integrally controls the components of the 

The display unit 1401, used to display messages for the mark management server 1122 and performs various types 

vendor 1110 who uses the WWW server 1113, is composed of operation. 

of a CRT, a liquid crystal display, and so forth. The memory 1507 temporarily contains the programs 

The input unit 1402, used by the vendor 1110 on the used by the CPU 1506 to perform the above processing. 

WWW server 1113 to enter data or instructions, is composed 25 These programs include an OS 1507a and a mark manage- 

of a keyboard, mouse, and so forth. ment program A 1507b. 

The communication interface 1403 is an interface through The OS 1507a performs the file management, process 

which data is transferred to or from the consumer terminal management, or device management functions to control the 

1101 or vendor terminal 1112 via the communication net- whole mark management server 1122. 

work 1140. 30 Upon receiving a mark-send request from the vendor 

The Web page DB interface 1404 is an interface through terminal 1112, the mark management program A 15076 

which data is transferred to or from the Web page DB 1114. checks the vendor 1110 to see if a mark is to be sent and, if 

The storage unit 1405, usually a hard disk unit or a floppy the mark is to be sent, sends the mark managed in the mark 
disk unit, permanently stores the programs and data to be management DB 1123 to the vendor 1110. When the con- 
used by the WWW server 1113. 35 sumer terminal 1101 sends a mark validity check request, the 

The CPU 1406 integrally controls the components of the mark management program A 15076 references the mark 

WWW server 1113 and performs various types of operation. management DB 1123 to check the validity of the mark and 

The memory 1407 temporarily contains the programs returns the result, 

used by the CPU 1406 to perform the above processing. Next, the operation of the authentication system used in 

These programs include an OS 1407a and a WWW server 40 the fourth embodiment will be explained, 

program 1407/>. FIG. 14 shows a series of operations that are performed 

The OS 1407a performs the file management, process when the vendor 1110 receives a mark from the mark 

management, or device management functions to control the manager 1120, the vendor 1110 pastes the mark in the Web 

whole WWW server 1113. 45 page for publication, and then the consumer 1100 browses 

The WWW server program 14076 communicate with the the Web page and checks the validity of the Web page. The 

vendor terminal 1112 and stores received Web pages in the figure shows the operation of each person: consumer 1100, 

Web page DB 1114. It also sends Web pages from the Web vendor 1110, and mark manager 1120. 

page DB 1114 when a request is issued from the browser In FIG. 14, the consumer 1100 uses the consumer terminal 

program 12046 running on the consumer terminal 1101. 5Q 1101, and the vendor 1110 uses the vendor terminal 1112 and 

FIG. 13 shows the hardware configuration of the mark the WWW server 1113. The mark manager 1120 uses the 

management server 1122. mark management server 1122. 

As shown in FIG. 13, the mark management server 1122 First, the vendor 1110 sends a mark -send request, speci- 

used in the fourth embodiment comprises a display unit fying the URL of his own Web page and a mark type, to the 

1501, an input unit 1502, a communication network inter- 55 mark manager 1120 (step 1600). 

face 1503, a mark management DB interface 1504, a storage Upon receiving the request, the mark manager 1120 

unit 1505, a central processing unit (CPU) 1506, and a determines whether or not the mark specified by the mark 

temporary storage unit (memory) 1507, all interconnected t y pe requested by the request is to be sent to the vendor 1110 

by a bus 1500. (step 1601) and, if the mark manager 1120 determines to do 

The display unit 1501, used to display messages for the 60 so, updates the mark management DB 1123 (step 1602) and 

mark manager 1120 who uses the mark management server sends the mark to the vendor 1110 (step 1603). If the mark 

1122, is composed of a CRT, a liquid crystal display, and so manager 1120 determines not to do so, he sends the message 

forth. stating this fact to the vendor 1110. In the fourth 

The input unit 1502, used by the mark manager 1120 on embodiment, whether or not to send the mark depends on 

the mark management server 1122 to enter data or 65 whether the vendor 1110 has a right to gel the mark, that is 

instructions, is composed of a keyboard, mouse, and so whether the store of the vendor 1110 is an agent of the credit 

forth. card company corresponding to the requested logo mark. 
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Depending upon the situation in which the mark is used, own Web page, the validity of the mark cannot be checked 

other criteria may be used. during the validity check because the mark management DB 

When the vendor 1110 receives the mark, he creates a U23 managed by the mark manager does not contain a 

Web page in which the mark is pasted (step 1604), sets in the record indicating that the mark was sent to the Web page of 

mark the link to the mark manager 1120 (step 1605), and * the illegal user. As a result, the consumer 1100 who browses 

stores the Web page in the Web page DB 1114 for access by *e vendor's Web page can check the vahdity of the infor- 

the consumer 1100 (step 1606). ma,ion indicated by the mark pasted m the Web page. 

^Next, the consumer 1100 sends a Web page send request, In fourth embodiment, the validity checkis triggered 

/ including the URL of the above-described Web page, to the by the consumer 1100 clicking on the mark. The embod.- 

/ vendor 1110 (step 1607) 10 menl mav be modlfied 50 ,nat the valldlt y check * mggered 

• . ... j inn u automatically when the Web page is received. It may also be 

Upon receiving the request^ the vendor 1110 searches he We|> fa dig j d wheD ^ mafk 

Web page DB 1114 for the Web page corresponding to the . 

requested URL (step 1608) and returns it to the consumer isvaae. „ , , . . .. . . 

linn (<i rr > V")V\ In tne description of the fourth embodiment, the vendor 

, iiuu isiep i.jy). ]5 (he m3 afe mc 

Upon receiving the Web page the consumer 1100 d,s- Hq m ^ ^ same machine 

plays it (step 1610) and then clicks the mark pasted on the J \ 

displayed Web page (step 1611) in order to send the validity . The fifth embodiment will be described below, 

check request, including the URL of the Web page, to the FIG. 16 shows the configuration of an authentication 

mark manager 1120 (step 1611). If, at that time, the validity 20 system used in the fifth embodiment, 

check-request cannot be sent to the mark manager 1120 ["The configuration of the authentication system used in the 

because link to the mark manager 1120 is not specified for £fth embodiment is basically the same as that shown in FIG. 

the mark, the consumer U00 determines that the validity of to except that public keys DB 1801-1 to 1801-n (hereafter 

the mark cannot be confirmed (i.e., the mark is invalid) and /called public key DB 1801) are each connected to consumer 

ends processing. 2sj terminals 1800-1 to 1800-n (hereafter called consumer ter- 



When the mark manager 1120 receives the request, he 
searches the mark management DB 1123 to check if the 



minal 1800). 

The public key DB 1801, like the one shown in FIG. 20, 



mark has already been sent to the vendor 1110 specified by j is used for management of the pubic keys of mark manager 

the URL in the request and, if the mark has already been i 1120. These public keys are used for verifying digital 

sent, checks that the mark has not yet expired (step 1612). 3p signatures (hereafter also called signature) generated by 

The mark manager 1120 then sends one of the following j ,-»ark manager 1120. 

three results to the consumer 1100 (step 1613): <1> The pjQ u shows the hardware configuration of the con- 
mark has not yet been issued to the vendor 1U0 specified by sumer terminal 1800 used in the fifth embodiment, 
the URL; <2> The mark has already been issued to the hardware configuration of the consumer terminal 
vendor 1110 specified by the URL but has already expired; 35 im ^ in mc ^ cm bodiment is basically the same as 
<3> The mark has already been issued to the vendor 1110 mat shown ^ nG 10 except that a public key D b interface 
specified by the URL and the mark has not yet expired. 1 < wo fc prov ided and that a validity check program B 1902 

Finally, processing ends when the consumer 1100 con- js stored in and run from a memory 1901. 

firms the above result (step 1614). -phe pu blic key DB interface 1900 is an interface via 

In the above procedure, the validity check result infor- 40 which data is transferred to or from the public key DB 1801. 

mation is sent to the consumer 1100 in the form of the The validity check program B 1902 communicates with a 

balloon message, saying "Valid", displayed on the display ma rk management server 1810 to get the public key of the 

unit 1102 as shown in FIG. 9 (or "Invalid", "Expired", "Link ma rk manager 1120 and to validate the mark containing the 

invalid"). Other display methods may be used. Sounds may signature pasted in the Web page downloaded from the 

be used, or sounds and display messages may be combined. WWW server 1113. 

In the fourth embodiment, the mark manager 1120 sends FIG. 18 shows the hardware configuration of the mark 

a mark to only the vendor 1110 which is eligible to receive management server 1810 used in this embodiment, 

the mark, with the mark related information (ID of the The hardware configuration of the mark management 

vendor 1110 to which the mark was sent, URL of the Web 5Q server igiQ used in the fifth embodiment is basically the 

page, expiration status of the mark) managed in the mark same ^ ma t shown in FIG. 13, except that a validity check 

management DB 1123. In addition, the mark manager 1120 program B 11001 is stored in and run from a memory 11000. 

references the mark management DB 1123 to check if the Tfae validity check pr0 gram B 11001 performs the fol- 

mark has already been sent to the vendor 1110 specified by /owing two operations: (1) when a public key send-request 

the URL included in the validity check request that was sent 55 L received from the consumer terminal 1800, the program 

from the consumer 1100. If the mark has already been sent, me public key ( 2 ) when a mark sendrequest is 

the mark manager checks that the mark has not expired and rece ived from the vendor terminal 1112, the program checks 

informs the consumer 1100 of the result. / lhe venc jor 1110 to see if the mark should be sent and, if the 

The consumer 1100 uses the link information stored in the | mark should be sent, creates a digital signature by using the 



mark pasted in the Web page to contact the mark manager 
1120 and to confirm the validity of the mark. If the link to 
the mark manager 1120 is not set up correctly and therefore 
the validity check request cannot be sent to the mark 
manager 1120, the consumer 1100 determines that the mark 
is not validated (invalid mark). $ > 

Therefore, in the fourth embodiment, if an illegal vendor 



private key for the data indicating the URL of the Web page 
of the vendor 1U0, creates a signature-containing mark by 
combining the digital signature^with the mark managed in 
the mark management DB 1123;^and then sends the 
signature-containing mark to the vendor 1110. The digital 
signature may be combined with the mark means, for 
example, by embedding the digital signature, in the form of 



copies the mark from the Web page of a legal vendor into his \a digital watermark, into the mark using the above-described 
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digital watermark technique. The digital watermark tech- Upon receiving the request, the vendor 1110 searches the 

nique allows information to be embedded with little change Web page DB 1114 for the Web page corresponding to the 

on the image data. The digital watermark technique may be requested URL (step 111U) and returns it to the consumer 

used to embed information into a mark because it is one type 1100 (step 11112). 

of image data.. Because there are several types of digital 5 upon receiving the Web page, the consumer 1100 dis- 
watermark (for example, for color images, monochrome p i ays j t ( step 11113) an d then clicks on the signature- 
images, or binary images), information may be embedded containing mark pasted on the displayed Web page (step 
into various types of mark. Another method, if available, 11114) in order to verify the signature contained in the 
may also be used to embed information into the mark. Note signature-containing mark using the public key of the mark 
that when a digital watermark is used, the mark may be 10 manager 1120 stored in the public key DB 1801 and the URL 
deformed a little provided the mark can be appropriately data of the Web page (step 11D5). Depending upon whether 
identified (the logo mark of each credit company may be t he signature is correctly verified, the consumer 1100 checks 
uniquely identified). the validity of the signature-containing mark and ends 

Public key cipher system used for signatures include a processing (step 11116). 

system using prime factorizing or an ellipse curve. 15 [ n the above procedure, the validity check result infor- 

Next, the operation of the authentication system used in mation is sent to the consumer 1100 in the form of the 

the fifth embodiment will be described. balloon message, saying "Valid", displayed on the display 

FIG. 19 shows a series of operations that is performed in unit 1102 as shown in FIG. 16 (or "Invalid", "Necessary 

this embodiment. In the series of operations, the consumer public key missing"). Other display methods may be used. 

1100 gets the public key of the mark manager 1120, the 20 Sounds may be used, or sounds and display messages may 

vendor 1110 receives a mark from the mark manager 1120 be combined. 

and pastes the mark in the Web page for publication, and i n the above fifth embodiment, the mark manager 1120 

then the consumer 1100 browses the Web page and checks sends the signature-containing mark only to the vendor 1110 

the validity of the Web page. The figure shows the operation wn0 is eligible to accept the signature-containing mark. The 

of each person: consumer 1100, vendor 1110, and mark 25 URL of the Web page of the vendor 1110 is used as an 

manager 1120. element for generating the signature-containing mark. 

In FIG. 19, the consumer 1100 uses the consumer terminal xhe consumer 1100 verifies the signature contained in the 

1800, the vendor 1110 uses the vendor terminal 1112 and the signature-containing mark pasted in the Web page using the 

WWW server 1113, and the mark manager 1120 uses the pu biic key of the mark manager 1120 and the URL data of 

mark management server 1810. 30 the Web page. 

First, the consumer 1100 sends a public key send request Therefore, when an illegal user copies a signature- 
to the mark manager 1120 (step 11100). containing mark from the Web page of an agent and pastes 

Upon receiving the request, the mark manager 1120 (step it into his own Web page, the URL of the Web page of the 
11101) returns his own public key to the consumer 1100 35 illegal user does not match the URL contained in the 
(step 11102). signature and so the mark cannot be validated during valid- 
- The consumer 1100, who receives the public key from the ity check processing. As a result, the consumer 1100 brows- 
mark manager 1120, stores the public key in the public key ing the Web page of the vendor 1110 can validate the 
DB 1801 (step 11103). information indicated by the mark pasted in the Web page. 

Next, the vendor 1110 sends a mark-send request, sped- m In the fifth embodiment, the validity check is triggered by 

fying the URL of his own Web page and a mark type, to the the consumer 1100 clicking the mark. As in the fourth 

mark manager 1120 (step 11104). embodiment, this embodiment may be modified so that the 

Upon receiving the request, the mark manager 1120 validity check is triggered automatically when the Web page 
determines whether or not the mark specified by the mark is received. It may also be modified so that the Web page is 
type contained in the request is to be sent to the vendor 1110 45 displayed when the mark is validated, 
(step 11105) and, if the mark manager 1120 determines to do In this embodiment, the vendor 1110 gets the mark and 
so, he generates a signature using the URL data specified by then the consumer 1100 gets the public key. This sequence 
the request and the private key, and combines the generated may be reversed. However, when the consumer 1100 gets 
signature with the mark specified by the mark type to the public key before accessing the Web page in step U110 
generate a signature-containing mark (step 11106). The 50 as in the fifth embodiment, the public key need not be 
mark manager 1120 then sends the generated signature- obtained each time the Web page is accessed, 
containing mark to the vendor 1110. (step 11107). If the In the description of the fifth embodiment, the vendor 
mark manager 1120 determines not to send the mark, he terminal 1112 and the WWW server 1113 are separate 
sends the message stating this fact to the vendor 1110. In this machines. However, they may be the same machine, 
embodiment, whether or not the mark to be sent depends on 55 i n the fifth embodiment, a signature is created only for the 
whether the vendor 1110 has a right to obtain the mark, that URL data of the Web page. The signature may also be 
is whether the store is an agent of the credit card company created for the image data used as a mark. This prevents the 
corresponding to the requested logo mark, as in the fourth vendor 1110 from creating a mark containing a forged 
embodiment. Depending upon the situation in which the signature by retrieving only the signature from the signature- 
mark is used, other criteria may be used. ^ containing mark received from the mark manager 1120 and 

When the vendor 1110 receives the mark, he creates a combining the retrieved signature with the mark of some 

Web page in which the signature-containing mark is pasted other credit card company, thus ensuring safety. In addition, 

(step 11108), and stores the Web page in the Web page DB the vendor 1110 may previously create a Web page in which 

1114 for access by the consumer 1100 (step 11109). the mark is to be pasted and may send the Web page to the 

Next, the consumer 1100 sends a Web page send request, 65 mark manager 1120 with a mark send request so that the 

including the URL of the above-described Web page, to the digital signature is created for the Web page. This prevents 

vendor 1110 (step 11110). the signature-containing mark from being pasted on the 
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other Web page. That is, the signature -containing mark can 
be used for presenting the contents of the Web page. 
Therefore, this modification is suitable for a system in which 
the contents of a Web page must be guaranteed by some 
authentic person. 
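The URL binding of the fifth embodiment, and the modification that also signs the mark image, as an added example that is not part of the patent text. It follows the hash-then-private-key construction from the Description of Related Art with a constructed, trivially factorable demo key and no padding; the function names, the `SignedMark` record (standing in for the watermark embedding), the key-DB index and the `.example` URLs are assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo key (assumption): two published Mersenne primes, so the
# modulus is trivially factorable, and the signature is unpadded. It mirrors
# the "hash, then private-key operation" construction only.
_P, _Q = 2**521 - 1, 2**607 - 1
PUBLIC_KEY = (_P * _Q, 65537)                        # (modulus, exponent)
_PRIVATE_EXP = pow(65537, -1, (_P - 1) * (_Q - 1))   # held by the mark manager
MANAGER_ID = "mark-manager-1120"                     # hypothetical key-DB index


def digest(*fields: bytes) -> int:
    """SHA-256 over length-prefixed fields so (url, image) cannot be re-split."""
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")


@dataclass(frozen=True)
class SignedMark:
    image: bytes     # logo image data
    signature: int   # embedded as a watermark in the patent; a plain field here


def _signed_fields(url: str, image: bytes, bind_image: bool) -> tuple:
    # bind_image=False: signature covers the URL only (base fifth embodiment).
    # bind_image=True: signature also covers the mark image (the modification).
    return (url.encode(), image) if bind_image else (url.encode(),)


def issue_mark(image: bytes, vendor_url: str, bind_image: bool) -> SignedMark:
    """Mark manager: sign the vendor's URL data and combine it with the mark."""
    h = digest(*_signed_fields(vendor_url, image, bind_image))
    return SignedMark(image, pow(h, _PRIVATE_EXP, PUBLIC_KEY[0]))


def check_mark(mark: SignedMark, page_url: str, public_key_db: dict,
               bind_image: bool) -> str:
    """Consumer: verify against the URL of the page that is actually displayed."""
    key = public_key_db.get(MANAGER_ID)
    if key is None:
        return "Necessary public key missing"
    modulus, exponent = key
    expected = digest(*_signed_fields(page_url, mark.image, bind_image))
    recovered = pow(mark.signature, exponent, modulus)
    return "Valid" if recovered == expected else "Invalid"


def run_scenarios() -> dict:
    """Run the page's copy and transplant cases under both signing choices."""
    key_db = {MANAGER_ID: PUBLIC_KEY}
    agent_url = "http://agent-store.example/index.html"   # constructed
    other_url = "http://other-store.example/index.html"   # constructed
    logo_a, logo_b = b"logo-image-card-company-A", b"logo-image-card-company-B"
    results = {}
    for bind_image in (False, True):
        mark = issue_mark(logo_a, agent_url, bind_image)
        moved = SignedMark(logo_b, mark.signature)  # signature on another logo
        results[bind_image] = {
            "issued page": check_mark(mark, agent_url, key_db, bind_image),
            "mark on another URL": check_mark(mark, other_url, key_db, bind_image),
            "signature on another logo": check_mark(moved, agent_url, key_db, bind_image),
            "no stored key": check_mark(mark, agent_url, {}, bind_image),
        }
    return results


if __name__ == "__main__":
    for bind_image, outcome in run_scenarios().items():
        print("image bound:", bind_image, outcome)
```

With the URL-only signature the "signature on another logo" case still verifies, which is the gap that signing the image data closes.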

In addition, a signature and a mark are combined into a 
signature-containing mark in the fifth embodiment. The 
embodiment may be modified so that the vendor 1110 may 
previously create a Web page into which the mark is to be 
pasted and may send the created Web page to the mark 
manager 1120 with the mark-send request. In this case, the 
mark manager 1120 may add filtering data, created based on 
the Web page contents, to the signature-containing mark as 
the attribute information. 

This allows only some specific Web pages to be filtered 
for display. For example, only the Web pages in which 
recommendation marks issued by some Web page evalua- 
tion organization are pasted and which are valid may be 
filtered. To do so, a filtering program must be installed on the 
consumer terminal 1101 in advance. This program has the 
filtering setup function which allows the consumer 1100 to 
specify the type of mark to be displayed on the display unit 
1102 of the consumer terminal 1101 and the filtering execu- 
tion function which allows the consumer 1100 to specify not 
to display the other marks. This may also be applied to a 
system through which the user can filter out Web pages not 
to be presented to children because they include violent 
scenes. 

The programs stored in the terminals and servers used in 
the fourth and fifth embodiments usually run under control 
of the operating system controlling the unit and, through the 
operating system, transfer data and commands to and from
the hardware components of the unit. Of course, the pro-
grams may transfer data and commands with the hardware
components directly, not via the operating system. 

As described above, in the fourth and fifth embodiments, 
a user who browses a Web page can correctly validate 
information indicated by image data pasted in the Web page. 

A sixth embodiment of this invention will now be 
described. 

The configuration of an authentication system used in the 
sixth embodiment is basically the same as that of the 
authentication system explained in the fourth embodiment 
(FIG. 9 to FIG. 13) except that the validity check program 
A 1204c in the memory 1204 of the consumer terminal 1101 
is replaced by the validity check program C, that the mark 
management program A 15076 in the memory 1507 of the 
mark management server 1122 is replaced by the mark 
management program C, and that the mark acquisition 
program in the memory 1306 of the vendor terminal 1112 is 
replaced by the mark acquisition program C.

The operation of the authentication system used in the 
sixth embodiment will be described below. 

First, the mark acquisition program C running on the 
vendor terminal 1112 sends a mark-send request, as well as 
his own Web page data, to the mark management server 
1122. 

Upon receiving the request, the mark management pro- 
gram C running on the mark management server 1122 
checks if a mark should be sent to the vendor 1110 on the 
vendor terminal 1112 from which the request was sent and, 
if it is determined that the mark should be sent, performs 
processing shown in FIG. 21. 

That is, the server 1122 reads a mark 2709 and predetermined
information 2708 to be embedded into the mark
2709 (for example, text to be presented to a mark management
organization 1121) from the mark management DB
1123 and embeds the predetermined information 2708 into
the mark 2709 as a digital watermark (step 2705). The server
1122 then modifies Web page data 2711 sent with the
mark-send request so that a mark 2710 into which the digital
watermark was embedded is displayed in the Web page (step
2706), and sends modified Web page data 2712 to the mark
acquisition program C running on the vendor terminal 1112
(step 2707).

The mark acquisition program C stores, via the WWW 
server 1113, the Web page data sent from the mark man- 
agement server 1122 into the Web page DB 1114. 

After that, when a request is entered from the consumer
1100 via the browser program 12046, this Web page is sent
to the consumer terminal 1101 and displayed on the display
unit 1102.

On the other hand, the validity check program C running
on the consumer terminal 1101 checks the validity of the
Web page when the consumer 1100 enters a request (for
example, when the consumer clicks the mark).

That is, as shown in FIG. 22, the program first extracts a
mark 2909 from a Web page 2908 to check its validity (step
2905), extracts information 2910 embedded in the extracted
mark 2909 as a digital watermark (step 2906), and displays
the extracted information on the display unit 1102 (step
2907).

Information necessary to extract the information 2910,
embedded as the digital watermark, from the extracted mark
2909 should be obtained in advance from the mark management
server 1122 (for example, the original mark into
which the watermark shown in step 2710 of FIG. 21 is not
yet embedded, or information identifying an algorithm to
restore the information 2910 by using difference data
between the original mark and the extracted mark 2909). To
do so, the validity check program C is designed to send a
validity check confirmation information request to the mark
management server 1122 as requested by the consumer
1100, and store information received in response to the
request in the memory 1204 or in the storage unit 1202. The
mark management program C running on the mark management
server 1122 is also designed to send the required
information back to the consumer terminal 1101 in response
to the validity check confirmation information request.

The sixth embodiment of this invention is as described 
above. 

In this embodiment, a mark in which a digital signature is
embedded is pasted into a Web page instead of a simple
mark. This type of mark enables the authentication of the
relation between the Web page and the individual/
organization to be validated correctly. The Web page also
contains a mark showing the related individual/organization.
Because the mark, usually displayed in the Web page, is used
to authenticate the relation between the Web page and the
individual/organization indicated by the mark, the sixth
embodiment does not affect the appearance of the Web page.

A seventh embodiment of this invention will be described 
below. 

The configuration of an authentication system used in the
seventh embodiment is basically the same as that of the
authentication system explained in the fourth embodiment
(FIG. 9 to FIG. 13) except that the validity check program
A 1204c in the memory 1204 of the consumer terminal 1101
is replaced by the validity check program d, that the mark
management program A 15076 in the memory 1507 of the
mark management server 1122 is replaced by the mark
management program d, and that the mark acquisition
program 1306c in the memory 1306 of the vendor terminal
1112 is replaced by the mark acquisition program d.

The operation of the authentication system used in the 
seventh embodiment will now be described below. 

First, the mark acquisition program d running on the 
vendor terminal 1112 sends a mark-send request, as well as 
his own Web page data, to the mark management server 
1122. 

Upon receiving the request, the mark management pro- 
gram d running on the mark management server 1122 checks 
if a mark should be sent to the vendor 1110 on the vendor 
terminal 1112 from which the request was sent and, if it is 
determined that the mark should be sent, performs process- 
ing shown in FIG. 23. 

That is, the server 1122 calculates the hash value 2306 of 
the Web page data 2305 sent with the mark-send request 
(step 2301) and embeds, as a digital signature, the calculated 
hash value 2306 into the mark 2307 stored in the mark 
management DB 1123 (step 2302). The server 1122 then 
modifies Web page data 2305 sent with the mark-send 
request so that a mark 2308 into which the digital watermark 
was embedded is displayed in the Web page (step 2303), and 
sends the modified Web page data 2309 to the mark acqui- 
sition program d running on the vendor terminal 1112 (step 
2304). 

The mark acquisition program d stores, via the WWW 
server 1113, the Web page data sent from the mark man- 
agement server 1122 into the Web page DB 1114. 

After that, when a request is entered from the consumer 
1100 via the browser program 12046 running on the con- 
sumer terminal 1101, this Web page is sent to the consumer 
terminal 1101 and displayed on the display unit 1102. 

On the other hand, the validity check program d running 
on the consumer terminal 1101 checks the validity of the
Web page when the consumer 1100 enters a request (for 
example, when the consumer clicks the mark). 

That is, as shown in FIG. 24, the terminal 1101 first 
extracts a mark 2407 from a Web page 2406 to check its 
validity (step 2401) and extracts a hash value 2408 embed- 
ded in the extracted mark 2407 as a digital watermark (step 
2402). The terminal 1101 also calculates a hash value 2409 
of the Web page data except the part related to the mark 
whose validity is to be checked (step 2403) and compares 
the calculated hash value 2409 with the hash value 2408 
extracted from the mark (step 2404). If they match, the 
terminal 1101 displays a message stating that the mark was 
validated on the display unit 1102; if they do not match, the 
terminal 1101 displays a message stating that the mark was 
not validated on the display unit 1102 (step 2405). 

Information necessary to extract the hash value 2408, 
embedded as the digital watermark, from the extracted mark 
2407 should be obtained in advance from the mark man- 
agement server 1122. To do so, the validity check program 
d is designed to send a validity check confirmation infor- 
mation request to the mark management server 1122 as 
requested by the consumer 1100, and store information 
received in response to the request in the memory 1204 or 
in the storage unit 1202. The mark management program d 
running on the mark management server 1122 is also 
designed to send the required information back to the 
consumer terminal 1101 in response to the validity check 
confirmation information request. 

In the seventh embodiment, a mark in which the hash
value of a Web page is embedded is pasted in a Web page
instead of a simple mark. This type of mark enables the user
to authenticate that the mark is given to the Web page in
which the mark is embedded. The Web page also contains a
mark showing the related individual/organization. In
addition, because the hash value of the Web page is used as
the digital watermark, and always embedded into the mark,
the processing does not depend on whether a plurality of
types of data are included in the Web page. Because the
mark, usually displayed in the Web page, is used to authenticate
that the mark is given to the Web page, the seventh
embodiment does not affect the appearance of the Web page.

An eighth embodiment of this invention will be described 
below. 

The configuration of an authentication system used in the 
eighth embodiment is basically the same as that of the
authentication system explained in the fourth embodiment 
(FIG. 9 to FIG. 13). 

However, in this embodiment, the consumer terminal 
1101, the mark management server 1122, and the vendor 
terminal 1112 are replaced by the consumer terminal 1800a,
the mark management server 1810a, and the vendor terminal 
1112a, respectively. 

As shown in FIG. 25, the configuration of the consumer
terminal 1800a differs in that the public key DB 1801
explained in the fifth embodiment is connected, that the
public key DB interface 1900 is provided, and that the
validity check program A 1204c in the memory 1204 is
replaced by the validity check program e 3204.

The mark management server 1810a also differs in that
the mark management program A 15076 in the memory
1507 is replaced by the mark management program e 3507,
as shown in FIG. 26.

The vendor terminal 1112a also differs in that the mark
acquisition program 1306c in the memory 1306 is replaced
by a mark acquisition program e 3306, as shown in FIG. 27.

The operation of the authentication system used in the
eighth embodiment will now be described below.

First, the mark acquisition program e 3306 running on the 
vendor terminal 1112a sends a mark-send request, as well as
his own Web page data, to the mark management server 
1810a. 

Upon receiving the request, the mark management program
e 3507 running on the mark management server 1810a
checks if a mark should be sent to the vendor 1110 on the
vendor terminal 1112a from which the request was sent and,
if it is determined that the mark should be sent, performs
processing shown in FIG. 28.

That is, the server 1810a calculates a hash value 2807 of
Web page data 2806 sent with the mark-send request (step
2801), encrypts the hash value 2807 with a private key 2808
of the mark management organization 1121 to generate a
digital signature 2809 (step 2802), and embeds the generated
digital signature 2809 into a mark 2810, stored in the mark
management DB 1123, as a digital watermark (step 2803).
The server 1810a then modifies the Web page data 2806 sent
with the mark-send request so that a mark 2811 into which
the digital watermark was embedded is displayed in the Web
page 2806 (step 2804), and sends modified Web page data
2812 to the mark acquisition program e 3306 running on the
vendor terminal 1112a (step 2805).

The mark acquisition program e 3306 running on the
vendor terminal 1112a stores, via the WWW server 1113, the
Web page sent from the mark management server 1810a into
the Web page DB 1114.

After that, when a request is entered from the consumer
1100 via the browser program 12046 running on the consumer
terminal 1800a, this Web page is sent to the consumer
terminal 1800a and displayed on the display unit 1102.

On the other hand, the validity check program e 3204 
running on the consumer terminal 1800a checks the validity 
of the Web page when the consumer 1100 enters a request 
(for example, when the consumer clicks on the mark). 

That is, as shown in FIG. 29, the terminal 1800a first gets 
a public key 2910 of the mark management organization 
1121 from the public key DB 1801. Then, the terminal 
1800a extracts a mark 2908 from a Web page 2907 to check 
its validity (step 2901), extracts a digital signature 2909 
embedded in the extracted mark 2908 as a digital watermark 
(step 2902), and decrypts the extracted digital signature 
using the public key 2910 of the mark management orga- 
nization 1121 to get a hash value 2911 (step 2903). The 
terminal 1800a also calculates a hash value 2912 of the Web 
page data except the part related to the mark 2908 whose 
validity is to be checked (step 2904), and compares the 
calculated hash value 2912 with the hash value 2911 gen- 
erated by decrypting the digital signature extracted from the 
mark 2908 (step 2905). If they match, the terminal 1800a 
displays a message on the display unit 1102 stating that the 
mark was validated; if they do not match, the terminal 1800a 
displays a message stating that the mark was not validated
(step 2906). 

Information necessary to extract a hash value 2911, 
embedded as the digital watermark, from the extracted mark 
2908 should be obtained in advance from the mark man- 
agement server 1810a. To do so, the validity check program 
e 3204 running on the consumer terminal 1800a is designed 
to send a validity check confirmation information request to 
the mark management server 1810a as requested by the 
consumer 1100, and store information received in response 
to the request in the memory 1204 or in the storage unit 
1202. The mark management program e 3507 running on the 
mark management server 1810a is also designed to send the 
required information back to the consumer terminal 1800a 
in response to the validity check confirmation information 
request. 

In addition, the public key 2910 of the mark management 
organization 1121 received in response to a public key send 
request, issued from the consumer 1800a to the mark 
management server 1810a, is stored in the public key DB 
1801. Upon receiving the public key send request, the mark 
management server 1810a sends its own public key 2910 
back to the consumer terminal 1800a as a response. 

In the eighth embodiment described above, a mark in 
which a digital signature, generated by encrypting the hash 
value of a Web page using the private key of the mark 
management organization mark, is embedded as a digital 
watermark and is pasted in a Web page instead of a simple 
mark. This type of mark enables the authentication of the 
relation between the Web page and the mark management 
organization to be validated correctly. The Web page also 
contains a mark showing the related individual/organization. 
In addition, because the digital signature for the hash value 
of the Web page data is always embedded into the mark as 
the digital watermark, the processing does not depend on 
whether a plurality of types of data are included in the Web 
page. Embedding the digital watermark into the mark in the 
Web page as the digital signature eliminates the need to 
manage the digital signature separately from the Web page 
data. Because the mark, usually displayed in the Web page, 
is used to authenticate that the mark is given to the Web 
page, the eighth embodiment does not affect the appearance 
of the Web page. 
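
The issue-and-check flow of the eighth embodiment (FIG. 28 and FIG. 29) can be sketched as follows; dropping the signing step gives the seventh embodiment. This is an added example, not code from the patent: the LSB watermark, the img data-URI convention for the mark, SHA-256, the toy RSA key and all function names are assumptions.

```python
import base64
import hashlib
import re

# Toy RSA key for the mark management organization, built from two Mersenne
# primes so the block needs only the standard library. NOT secure: the
# factors are public, and real systems sign with a padded scheme (RSASSA-PSS).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held by the server only
SIG_BYTES = (N.bit_length() + 7) // 8  # 81 bytes, so the mark needs 648 bytes

# Assumed page convention: the mark travels as one <img id="mark"> data URI.
TAG_HEAD = b'<img id="mark" src="data:application/octet-stream;base64,'
MARK_TAG = re.compile(re.escape(TAG_HEAD) + rb'([A-Za-z0-9+/=]+)">')


def page_hash(page_without_mark: bytes) -> int:
    """Hash of the Web page data except the part related to the mark."""
    return int.from_bytes(hashlib.sha256(page_without_mark).digest(), "big")


def embed_lsb(mark: bytes, payload: bytes) -> bytes:
    """Write payload bits, MSB first, into the low bit of successive mark bytes."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(mark):
        raise ValueError("mark is too small to carry the payload")
    out = bytearray(mark)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(mark: bytes, n_bytes: int) -> bytes:
    """Inverse of embed_lsb: rebuild n_bytes from the low bits of the mark."""
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for sample in mark[8 * i:8 * i + 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)


def issue_page(page: bytes, blank_mark: bytes) -> bytes:
    """Server side, steps 2801-2804: hash, sign, watermark, paste the mark."""
    if b"</body>" not in page or MARK_TAG.search(page):
        raise ValueError("page must have </body> and no mark yet")
    signature = pow(page_hash(page), D, N)
    marked = embed_lsb(blank_mark, signature.to_bytes(SIG_BYTES, "big"))
    tag = TAG_HEAD + base64.b64encode(marked) + b'">'
    return page.replace(b"</body>", tag + b"</body>", 1)


def check_page(published: bytes) -> bool:
    """Client side, steps 2901-2905: extract, recover the hash, compare."""
    tags = list(MARK_TAG.finditer(published))
    if len(tags) != 1:                      # no mark, or an ambiguous page
        return False
    try:
        mark = base64.b64decode(tags[0].group(1), validate=True)
    except ValueError:
        return False
    if len(mark) < SIG_BYTES * 8:
        return False
    signature = int.from_bytes(extract_lsb(mark, SIG_BYTES), "big")
    if signature >= N:
        return False
    rest = published[:tags[0].start()] + published[tags[0].end():]
    return pow(signature, E, N) == page_hash(rest)


# Constructed sample data: a small page and a flat grey 32x32 "mark".
PAGE = b"<html><body><h1>Shop</h1><p>Price: 100</p></body></html>"
BLANK_MARK = bytes([200]) * 1024

if __name__ == "__main__":
    published = issue_page(PAGE, BLANK_MARK)
    print("untouched page:", check_page(published))
    print("edited page:   ", check_page(published.replace(b"Price: 100", b"Price: 1")))
```

Because the hash covers everything except the mark, a mark copied onto a different page fails the comparison in the same way as an edited page.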

In the sixth to eighth embodiments described above, the
mark management server modifies the Web page data, sent
with a mark-send request, so that the mark in which a digital
watermark is embedded may be displayed in the Web page.
The server then sends the modified Web page data to the
mark acquisition program e running on the vendor terminal.
This processing may be modified as follows.

That is, the mark management server sends a mark, in
which a digital watermark is embedded, to the vendor
terminal. The vendor terminal modifies the original of the
Web page data sent with the mark-send request so that the
mark in which the digital watermark is embedded is displayed
in the Web page.

In the sixth to the eighth embodiments, processing on the
consumer terminal may be modified as follows:

That is, in the sixth embodiment, the consumer terminal
extracts the mark to be validated from the Web page, and
sends the extracted mark and a validity check request to the
mark management server. In the seventh and eighth
embodiments, the consumer terminal sends Web page data
containing the mark and the validity check request to the
mark management server. On the display unit of the consumer
terminal there is displayed a successful or an unsuccessful
validity check message sent back from the mark
management server. On the other hand, upon receiving a
validity check request, the mark management server performs
the validity check on the mark in the same way as the
consumer terminal performs in the sixth to eighth embodiments.
In the sixth embodiment, the mark management
server extracts information embedded in the mark sent with
the request. If this information matches the information
embedded by the mark management server, it sends a
successful validity message to the consumer terminal; if not,
it sends an unsuccessful validity check message to the
consumer terminal. In the seventh embodiment, the mark
management server extracts the mark from the Web page
sent with the request, extracts the hash value embedded in
the mark as the digital watermark, calculates the hash value
of the Web page except the area related to the mark to be
validated, and compares this value with the hash value
extracted from the mark. If they match, the mark management
server sends a successful validity check message to the
consumer terminal, and if not, it sends an unsuccessful
message to the consumer terminal. In the eighth
embodiment, the mark management server extracts the mark
from the Web page sent with the request, extracts the digital
signature embedded in the extracted mark as the digital
watermark, and extracts the hash value by decrypting the
digital signature with a public key of the mark management
organization. The mark management server calculates the
hash value of the Web page data except the area related to
the mark to be validated, and compares this value with the
hash value generated by decrypting the digital signature
extracted from the mark. If they match, the mark management
server sends a successful validity check message to the
consumer terminal, and if not, it sends an unsuccessful
message to the consumer terminal.

The above-described sixth to eighth embodiments may be
applied not only to Web pages but also to digital data to be
used in various types of electronic commerce. For example,
when drawing data is used in various types of electronic
commerce, vendor's marks are attached to drawings data to
allow the validity of the drawings to be authenticated. As
described earlier, a mark need not always be image data. For
example, when audio data is used in electronic commerce,
the audio data representing a vendor or a copyright holder
may be added before or after audio data, and a digital
watermark described in the sixth to eighth embodiments
may be embedded into the added audio data.

The embodiments of this invention are described above. 

The programs used in each of the above-described
embodiments may be recorded on various types of recording
media, including a floppy disk, CD-ROM, DVD, and so
forth for distribution to a unit on which they are executed.
Alternatively, the programs may be downloaded to the unit
from some other server connected to the network to which
the unit is connected.

Each embodiment described above may be modified in 
other specific forms without departing from the spirit or 
essential characteristics thereof. 

As described above, this invention provides a technique
allowing the relation between digital data and an individual/
organization to be authenticated more reliably. At the same
time, an individual/organization associated with digital data
may be presented directly to the user so that the relation
between the digital data and the individual/organization may
be authenticated.

What is claimed is: 

1. An embed-in-content information processing method
for embedding information on k (k is an integer equal to or
larger than 2) content-handling persons using an electronic
computer, the method comprising the steps of:

creating a digital signature of a first content-handling
person by encrypting a hash value using a private key
in accordance with a public key cipher system of the
first content-handling person, the hash value being
created by evaluating the content with a first hash
function;

sequentially repeating digital signature creation for a
second person to a k-th content-handling person to
create the digital signatures of the content-handling
persons; and

embedding the digital signature of the k-th content-handling
person into the content such that the digital
signature of the k-th content-handling person cannot be
separated from the content without using a predetermined
rule, the digital signature of the k-th content-handling
person being obtained by performing said
digital signature creation for the k-th content-handling
person, wherein, during said digital signature creation
processing for an i-th content-handling person (i is an
integer between 2 and k), a value dependent on the
digital signature of the (i-1)th content-handling person
is encrypted using the private key of the i-th content-handling
person to generate the digital signature of the
i-th content-handling person.

2. An embed-in-content information processing method
according to claim 1, wherein the value dependent on the
digital signature of the (i-1)th content-handling person is a
hash value obtained by evaluating the value of the digital
signature of said (i-1)th content-handling person with a hash
function.

3. In a system in which at least one client terminal, at least 
one Worldwide Web (WWW) server providing information 
upon request from said client terminal, and at least one mark 
management server managing one or more marks used by 
said client terminal, said client terminal, said WWW server
and said mark management server are interconnected over a 
communication network, a Web page authentication method, 
for a Web page published on the WWW server, the method 
comprising: 

sending, by said WWW server, a mark-send request
containing information for specifying said WWW 
server to said mark management server, 

pasting, by said WWW server, the mark sent back from
said mark management server into the Web page of said 
WWW server; 

setting in the Web page a link to said mark management 
server, 

publishing, by said WWW server, the Web page contain- 
ing the mark for access by said client terminal; 

storing, by said mark management server, in a mark 
management database (DB), such information as to 
whether the mark managed by the mark management 
server has been sent; 

checking, by said mark management server, upon receiv- 
ing the mark-send request from said WWW server, if 
the WWW server satisfies a condition for acquiring the 
mark, and only when the condition is satisfied, updating 
said mark management DB, and then sending the 
requested mark back to the WWW server; 

referencing, by said mark management server, upon 
receiving a validity check request from said client 
terminal, said mark management DB to verify if the 
requested mark is valid and sending a verification result 
back to the client terminal; 

downloading, by said client terminal, the Web page con- 
taining said mark from said WWW server; and 

sending, by said client terminal, the validity check request 
including information specifying said Web page con- 
taining said mark and receiving the verification result. 

4. A method according to claim 3, wherein said informa- 
tion specifying said WWW server is a URL of said WWW 
server. 

5. A method according to claim 3, wherein said link to 
said mark management server is set in said mark contained 
on said web page. 

6. A method according to claim 3, wherein said link to 
said mark management server is set by said WWW server. 

7. A method according to claim 3, wherein said mark 
management server comprises: 

a mark issuance server which issues marks; and 

a mark verification server which authenticates marks. 

8. In a system in which at least one client terminal, at least 
one Worldwide Web (WWW) server providing information 
upon request from said client terminal, and at least one mark 
management server managing one or more marks used by 
said client terminal, said client terminal, said WWW server 
and said mark management server are interconnected over a 
communication network, a Web page authentication method, 
for a Web page published on the WWW server, the method 
comprising: 

sending, by said WWW server, a mark-send request 
containing information specifying said WWW server to 
said mark management server; 

pasting, by said WWW server, a signature-containing
mark sent back from said mark management server into 
the Web page of the WWW server and publishing the 
Web page containing the signature-containing mark for 
access by said client terminal; 

storing, by said mark management server, in a mark 
management database (DB), such information as to 
whether the mark managed by the mark management 
server has been sent; 

receiving in said client terminal a public key of said mark 
management server from said mark management 
server; 

checking, by said mark management server, upon receiv- 
ing the mark-send request from said WWW server, if 
said WWW server satisfies a condition for acquiring the
mark, and only when the condition is satisfied, updating
said mark management DB, adding a digital signature
to information specifying said WWW server contained
in said request to generate a signature-containing mark,
and then sending the signature-containing mark back to
the WWW server;

storing, by said client terminal, in a public key DB the
public key sent back from said mark management
server;

downloading, by said client terminal, from said WWW 
server a Web page in which said mark is pasted; and 

referencing, by client terminal, said public key DB to 
verify the signature contained in the downloaded Web 
page in which said mark is pasted.

9. A Web page authentication method according to claim
8, wherein the signature-containing mark is generated not
only for the information specifying said WWW server but
also for image data of the mark to generate the
signature-containing mark from the mark and the signature.

10. A Web page authentication method according to claim 
8, wherein the signature-containing mark is generated for the 
Web page to generate the signature-containing mark from 
the mark and the signature. 

11. A Web page authentication method according to claim
8, wherein not only the mark and the signature but also 
attribute information associated with the system is used as a 
component of the signature-containing mark. 

12. A method according to claim 8, wherein said information
specifying said WWW server is a URL of said
WWW server.

13. A method according to claim 8, wherein said client
terminal sends a public key send request to said mark
management server and said mark management server sends
a public key to said client terminal in response to said public
key send request.

14. A method according to claim 8, wherein said client 
terminal receives a public key from said mark management 
server after said client terminal downloads said web page. 

15. A method according to claim 8, wherein said information
specifying said web server is one of a URL of said
WWW server, said mark, and said web page.

16. A method according to claim 8, wherein said mark 
management server comprises: 

a mark issuance server which issues marks; and 

a mark verification server which authenticates marks. 

17. A Web page authentication system comprising: 

an information browser device for browsing a Web page; 

an information publisher device for publishing a Web
page; and 

a mark manager device for managing a mark for authen- 
ticating the Web page published by said information 
publisher device, 

wherein said information publisher device comprises:
publishing means for publishing a Web page in which 
link information to said mark manager device has 
been set, 

wherein said information browser device comprises: 
Web display means for displaying the Web page
published by said information publisher device on 
a display device together with a mark for authen- 
ticating said Web page, said mark managed by 
said mark manager device, and 
check requesting means for sending a check request
to check validity of said Web page to said mark 
manager device determined by said link information
set on said Web page in response to an
operation by a user to select the mark displayed on 
said display device together with the Web page, 
and 

wherein said mark manager device comprises: 
check information sending means for sending, 
upon receipt of said check request, necessary 
information to check the validity of the Web 
page whose validity is to be checked to an 
originator of said check request. 

18. A Web page authentication system according to claim
17, wherein said mark manager device further comprises:

verification means for checking the validity of said Web
page whose validity is to be checked, upon receipt of
said check request,
wherein said check information sending means in said 
mark manager device sends a check result by said 
verification means to said originator of said check 
request as said information necessary for checking the 
validity of the Web page whose validity is to be 
checked, and 

wherein said information browser device further com- 
prises: 

validity check result display means for displaying the 
check result on the display device when the check 
result indicates that the Web page has been verified. 

19. A Web page authentication system according to claim
18, wherein said information browser device constructs said
check result display means on the information browser 
device itself in accordance with the information sent through 
a communication network. 

20. A Web page authentication system according to claim 
18, wherein said mark manager device further comprises: 

storage means for storing information relative to the Web 
page authenticated by the mark managed by the mark 
management device itself, and 

wherein said verification means in said mark manager 
device, upon receipt of said check request, executes 
validity check as to the Web page by checking the 
information stored in said storage means and concerning
the Web page that is authenticated by the mark
displayed together with said Web page on said display 
device of said information browser device. 

21. A Web page authentication system according to claim
20, wherein said check request contains data for uniquely
identifying the Web page to be checked and/or a publisher of 
the Web page, 

wherein said storage means of said mark manager device 
stores data for uniquely identifying the Web page 
authenticated by the mark managed by the device itself 
and/or the publisher of the Web page as information 
concerning said Web page, and 

wherein said verification means of said mark manager 
device, upon receipt of said check request, checks the 
validity of the Web page by comparing the data for 
uniquely identifying the Web page to be checked and/or 
the publisher of said Web page contained in said check 
request with the data stored in said storage means. 

22. A Web page authentication system according to claim
21, wherein said data for uniquely identifying the Web page
and/or the publisher of said Web page is URL data. 

23. A Web page authentication system according to claim 
21, wherein said data for uniquely identifying the Web page 
and/or the publisher of said Web page is a characteristic 
value of data constructing said Web page. 

24. A Web page authentication system according to claim 
17, wherein said mark manager device further comprises:
mark sending means for checking the sending request for
authentication of the Web page, upon receipt of said
sending request and for sending the mark to an originator
of said sending request if said sending request
satisfies a predetermined condition.

25. An information browser device for browsing a Web 
page, comprising: 

Web display means for displaying a Web page on which 
link information leading to a mark manager device who 
manages a mark for authentication of the Web page has
been set together with the mark for authentication of 
said Web page, said mark managed by said mark 
manager device; and 

check requesting means for sending a check request to 
check the validity of the Web page to said mark
manager device, which is determined by the link information
set on said Web page in accordance with an
operation of a user to select the mark displayed in said 
display device together with the Web page. 

26. An information browser device according to claim 25, 
further comprising:

check result display means for displaying the result of 
checking the validity on the display device, upon 
receipt of said check result if said result indicates that 
the Web page has been verified. 

27. An information browser device according to claim 26,
wherein said check result display means is constructed in 
accordance with information sent through a communication 
network. 

28. A mark manager device for managing a mark for 
authenticating a Web page, comprising: 

means for receiving a check request to check the validity 
of said Web page said check request being generated by 
an operation of a user of an information browser device
for browsing the Web page to select a mark displayed 
together with the Web page; and 

check information sending means for sending information 
necessary for checking the validity of the Web page to 
an originator of the check request in response to said 
check request.

29. A mark manager device according to claim 28, further 
comprising: 

verification means for checking the validity of the target 
Web page upon receipt of said check request, 

wherein said check information sending means sends a
check result obtained by said verification means to an
originator of the check request as information necessary
for checking the validity of the Web page.

30. A mark manager device according to claim 29, further 
comprising:

storage means for storing information as to the Web page 
which is authenticated by the mark managed by said 
mark manager device, and 

wherein said verification means executes, upon receipt of 
said check request, checking of the validity of the Web
page by checking the information stored in said storage
means and concerning the Web page that is authenticated
by the mark displayed together with the Web page
in said information browser device. 

31. A mark manager device according to claim 30,
wherein said check request contains data for uniquely identifying
the Web page and/or the publisher of said Web page,

wherein said storage means stores data for uniquely 
identifying the Web page that is authenticated by the 
mark managed by said device itself and/or the publisher
of the Web as information concerning said Web page, 
and
wherein said verification means, upon receipt of said
check request checks the validity of the Web page by 
comparing the data uniquely identifying the Web page 
and/or the publisher of the Web page contained in said 
check request with the data stored in said storage 
means. 

32. A mark manager device according to claim 28, further 
comprising: 

sending request receiving means for receiving a sending 
request of a mark for authentication of the Web page; 
and 

mark sending means, upon receipt of said sending request, 
for checking said sending request and if said sending 
request satisfies a predetermined condition, for sending 
the mark to the originator of said sending request. 

33. An information publisher device for publishing a Web 
page, comprising: 

means for setting link information to a mark manager 
device managing a mark for authentication of the Web 
page on said Web page so that an information browser 
device for browsing the web page is capable of sending 
a check request to check the validity of the Web page 
to the mark manager device in accordance with an 
operation of a user of the information browser device to 
select the mark displayed together with the Web page. 

34. A recording medium storing a program therein for 
constructing an information browser device for browsing a 
Web page on a computer, wherein said program is read and 
executed by the computer to construct, on the computer 

Web display means for displaying the Web page in which 
link information leading to a mark manager side managing
a mark for authenticating the Web page has been
set in a display device together with the mark managed 
by said mark manager for authenticating the Web page; 
and 

check request means for sending a check request to check 
the validity of the Web page to said mark manager 
device which is determined by the link information set 
on said Web page in response to an operation by the 
user to select the mark displayed on said display device 
together with the Web page. 

35. A recording medium storing a program therein for 
constructing a mark manager device for managing a mark 
for authenticating a Web page on a computer, wherein said 
program is read and executed by the computer to construct, 
on the computer: 

means for receiving a check request to check the validity 
of the Web page said check request generated in 
accordance with an operation of a user of an information
browser device for browsing the Web page to
select the mark displayed together with the Web page; 
and 

check information sending means for sending information 
necessary for checking the validity of the Web page to 
an originator of said check request in response to said 
check request. 

36. A recording medium storing a program therein for 
constructing an information publisher device for publishing 
a Web page on a computer, wherein said program is read and 
executed by the computer to construct, on the computer: 

means for setting link information to a mark manager 
device managing a mark for authentication of the Web 
page said Web page so that an information browser 
device for browsing the Web page is capable of sending 
a check request to check the validity of the Web page 
to the mark manager device in accordance with an
operation of a user of the information browser device to
select the mark displayed together with the Web page. 

37. A Web page authentication system comprising: 

an information browser device for browsing a Web page; 
an information publisher device for publishing a Web 
page; and 

a mark manager device for managing a mark for authenticating
the Web page published by said information
publisher device, 
wherein said information publisher device comprises: 
mark sending request means for sending a sending 
request of a mark in which information for checking 
the validity of the Web page is embedded as a digital 
watermark to said mark manager device, and 
publishing means for publishing said mark sent from 
said mark manager device by pasting said mark on 
said Web page, 
wherein said mark manager device comprises: 

mark generating means for generating said mark in 
response to the sending request of the mark, and 
mark sending means for sending said mark generated
by said mark generating means to an originator
of said sending request of the mark, and

wherein said information browser device comprises: 
downloading means for downloading the Web 
page published by said information publisher 
device and on which said mark is pasted 
thereon, 

validity check information extraction means for 
extracting information for checking the validity
of the Web page embedded in the mark as
a digital watermark, the mark being pasted on
said Web page downloaded by said downloading
means, and

extracted information display means for displaying
on a display device the information for
checking the validity of the Web page 
extracted by said validity check information 
extraction means. 

38. A Web page authentication system according to claim
37, wherein said validity check information extraction
means of said information browser device extracts the 
validity check information embedded in the mark pasted on 
said Web page as the digital watermark, in response to a 
request from a user to check the validity of the Web page 
downloaded by said downloading means. 

39. A Web page authentication system according to claim
38, said mark manager device further comprises:
determining means for determining whether the sending
request satisfies a predetermined condition, upon
receipt of the sending request; and
wherein said mark generating means in the mark manager
device generates said mark if said determining means
determines that said sending request satisfies said
predetermined condition.

40. A Web page authentication system according to claim 
38, said information browser device further comprises: 

Web display means for displaying the Web page downloaded
by said downloading means; and

wherein said information browser device accepts the 
validity check request as to said Web page originated 
by an operation of the user to select the mark pasted on 
the Web page currently displayed. 

41. A Web page authentication system according to claim 
38, wherein said information publishing means in said
information publishing device sets, on the Web page on
which the mark sent from said mark manager device is
pasted, link information to said mark manager to publish the
Web page,

wherein said information publisher device further comprises:

check requesting means for sending a check request
received from a user of the information publisher
device to check the validity of the Web page downloaded
by said downloading means to said mark manager
device determined by the link information set on
said Web page, and
wherein said mark manager device further comprises: 
check information sending means for sending, upon 
receipt of said check request, necessary information 
for checking the validity of the Web page to an 
originator of said check request. 

42. A Web page authentication system according to claim
41, wherein said mark manager device further comprises:
verification means for checking the validity of the Web
page, upon receipt of said check request,
wherein said check information sending means in said
mark manager device sends a check result by said
verification means to the originator of said check
request as necessary information for checking the
validity of the Web page, and
wherein said information browser device further comprises:

check result displaying means for receiving said check
result from said mark manager device and displaying
said result on a display device.

43. A Web page authentication system according to claim
42, wherein said check result display means in said information
publisher device displays the check result when said
check result received from said mark manager device indicates
that the Web page has been verified.

44. A Web page authentication system according to claim 
37, wherein information for checking the validity of the Web 
page to be embedded in the mark as the digital watermark
contains data which uniquely identifies said Web page
and/or the publisher of said Web page. 

45. A Web page authentication system according to claim 
44, wherein said data which uniquely identifies said Web 
page and/or the publisher of said Web page is URL data. 

46. A Web page authentication system according to claim
44, wherein said data which uniquely identifies said Web 
page and/or the publisher of said Web page is a characteristic 
value of the data constructing said Web page.

47. A Web page authentication system according to claim
37, wherein said mark generating means in said mark
manager device generates a digital signature, using a private
key of said mark manager device, as to the information for
checking the validity of the Web page published by said
information publisher device which had sent said sending
request of the mark, and embeds said digital signature in the
mark as a digital watermark, and
wherein said information publisher device further comprises:

means for verifying said digital signature embedded in
the mark as the digital watermark, said mark sent
from said mark manager device, using a public key
which matches said private key of said mark manager
device.

48. A Web authentication system according to claim 47,
wherein said mark generating means in said mark manager
device generates said digital signature by including a characteristic
value of the mark in an object of the signature.

49. An information browser device for browsing a Web
page, comprising: 

downloading means for downloading a Web page on 
which a mark is pasted, and information for checking 
the validity of the Web page said mark being embedded
in said mark as a digital watermark; 

validity check information extracting means for extracting
the information for checking the validity of the Web
page which is embedded in the mark as the digital 
watermark from the mark pasted on the Web page
downloaded by said downloading means; and 

extracted information display means for displaying the 
validity check information extracted by said validity 
check information extracting means.

50. An information browser device according to claim 49, 
wherein said validity check extracting means extracts information
for checking the validity of the Web page which is
embedded in the mark as the digital watermark from the
mark pasted on the Web page, in response to a validity check
request from a user to check the validity of the Web page that 
was downloaded by said downloading means. 

51. An information browser device according to claim 50, 
further comprising: 

Web display means for displaying the Web page in a
display device downloaded by said downloading 
means, 

wherein said information browser device receives the 
Web page validity check request by an operation of the 
user to select the mark pasted on the Web page which
is currently displayed on the display device. 

52. An information browser device according to claim 50, 
wherein link information is set on said Web page having the 
mark pasted thereon, and 

wherein said information browser device further
comprises:

check requesting means for sending the Web page 
validity check request received from said user as to 
the Web page downloaded by said downloading 
means to an address determined by said link information
that is set on said Web page.

53. A mark manager device for generating a mark to be 
pasted on a Web page published by an information publisher 
device, comprising: 

mark generating means for generating the mark by 
embedding information for checking the validity of the 
Web page to be published by the information publisher 
device into the mark as a digital watermark in response 
to the sending request from said information publisher 
device; and 

mark sending means for sending the mark generated by 
said mark generating means to an originator of said 
sending request. 

54. A mark manager device according to claim 53, further
comprising: 

determining means for determining, upon receipt of the
sending request, whether said sending request satisfies
a predetermined condition,
wherein said mark generating means, upon determination
that said sending request satisfies the predetermined
condition, generating the mark.

55. A mark manager device according to claim 53, further 
comprising: 

check information sending means for sending necessary
information for checking the validity of the Web page 
to the originator of the validity check request, upon
receipt of the validity check request as to the Web page
published by said information publisher device and on
which the mark is pasted.

56. A mark manager device according to claim 55, further 
comprising: 

verification means for checking the validity of the Web 
page, upon receipt of said validity check request, 

wherein said validity check information sending means 
sends a verification result by said verifying means to 
said originator of the check request as information 
necessary for checking the validity of the Web page. 

57. A mark manager device according to claim 53, 
wherein said mark generating means generates a digital 
signature, using the private key of said mark manager 
device, as to information for checking the validity of the 
Web page published by said information publisher device 
which had sent the sending request, and embeds said digital 
signature into the mark as the digital watermark. 

58. An information publisher device publishing a Web 
page, comprising: 

mark sending request means for sending a sending request 
of the mark in which information for checking the 
validity of the Web page is embedded as a digital 
watermark to the mark manager device which generates 
the mark; and 

publishing means for publishing said mark sent from said 
mark manager device by pasting said mark on said Web 
page. 

59. An information publisher device according to claim 
58, wherein said publishing means sets, on the Web page on 
which the mark sent from said mark manager device is 
pasted, link information to said mark manager to publish the 
Web page. 

60. An information publishing device according to claim 
58, wherein said mark sent from said mark manager device 
contains the digital signature generated using a private key 
of said mark manager device as to information for checking 
the validity of the Web page, said digital signature being 
embedded in said mark, and 

wherein said information publishing device further comprising
verifying means for verifying the digital signature
embedded in the mark sent from said mark manager
device as the digital watermark by using a public
key which pairs with said private key of said mark
manager device.

61. A recording medium storing a program therein for 
constructing an information browser device for browsing a 
Web page on a computer said program being read and 
executed by the computer to construct, on the computer: 

downloading means for downloading the Web page on 
which a mark is pasted, and information for checking 
the validity of the Web page being embedded in said 
mark as a digital watermark; 

validity check information extraction means for extracting
the information embedded as the digital watermark
in said mark pasted on said Web page downloaded by 
said downloading means; and 

extracted information display means for displaying the 
information for checking the validity of the Web page 
extracted by said validity check information extracting 
means on a display device.

62. A recording medium storing a program therein for
constructing a mark manager device for generating a mark
to be pasted on a Web page published by an information
publisher device on a computer, said program being read and
executed by the computer to construct, on the computer:
mark generating means for generating a mark by embedding
information for checking the validity of the Web
page published by the information publisher device in
the mark in a form of a digital watermark, in accordance
with a sending request sent from said information
publisher device; and
mark sending means for sending said mark generated by 
said mark generating means to an originator of said 
sending request.

63. Recording medium storing a program therein for
constructing an information publishing device for publishing
a Web page on a computer, said program being read and
executed by the computer to construct, on the computer: 
mark sending request means for sending a sending request 
of a mark in which information for checking the 
validity of the Web page is embedded as a digital 
watermark to the mark manager device which generates 
the mark; and 

publishing means for publishing the mark sent from said 
mark manager device by pasting said mark on the Web 
page. 
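
The validity check of claims 20 to 23, in which the mark manager compares the URL and the characteristic value carried in a check request with the data it stored for the mark, sketched as an added example that is not part of the patent. SHA-256 as the characteristic value, the `mark_id` field and all class and function names are assumptions; the sample page and URLs are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from urllib.parse import urlsplit


def characteristic_value(page: bytes) -> str:
    # Assumption: SHA-256 stands in for the "characteristic value" of claim 23.
    return hashlib.sha256(page).hexdigest()


def normalize_url(url: str) -> str:
    # Compare URLs on scheme, lower-cased host, port and path only.
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}{parts.path or '/'}"


@dataclass(frozen=True)
class CheckRequest:
    mark_id: str     # hypothetical identifier of the mark the user selected
    url: str         # URL the browser actually loaded the page from (claim 22)
    page_value: str  # characteristic value of the downloaded page (claim 23)


class MarkManager:
    def __init__(self):
        # Storage means of claim 20: mark_id -> (URL, characteristic value).
        self._store = {}

    def register(self, mark_id: str, url: str, page: bytes) -> None:
        self._store[mark_id] = (normalize_url(url), characteristic_value(page))

    def check(self, req: CheckRequest) -> str:
        record = self._store.get(req.mark_id)
        if record is None:
            return "unknown-mark"
        stored_url, stored_value = record
        if normalize_url(req.url) != stored_url:
            return "url-mismatch"      # mark displayed on a page at another URL
        if not hmac.compare_digest(req.page_value.encode(), stored_value.encode()):
            return "content-mismatch"  # page differs from the registered one
        return "verified"


def browser_check(manager: MarkManager, mark_id: str, url: str, page: bytes) -> str:
    # Browser side: build the check request from what was actually downloaded.
    return manager.check(CheckRequest(mark_id, url, characteristic_value(page)))


def demo() -> dict:
    # Constructed sample data.
    page = b"<html><body>Genuine shop page</body></html>"
    good_url = "https://shop.example/index.html"
    manager = MarkManager()
    manager.register("mark-001", good_url, page)
    return {
        "genuine": browser_check(manager, "mark-001", "https://Shop.Example/index.html", page),
        "copied": browser_check(manager, "mark-001", "https://other.example/index.html", page),
        "altered": browser_check(manager, "mark-001", good_url,
                                 page.replace(b"Genuine", b"Altered")),
        "unknown": browser_check(manager, "mark-999", good_url, page),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Under claim 18, the browser would show the check result to the user only in the `verified` case.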

*****